Citrix Zero-Day Bug Allows Unauthenticated RCE
https://www.darkreading.com/cloud-security/citrix-recording-manager-zero-day-bug-unauthenticated-rce
An unpatched zero-day vulnerability in Citrix’s Session Recording Manager allows unauthenticated remote code execution (RCE, paving the way for data theft, lateral movement, and desktop takeover.
According to watchTowr research out today, the issue (which does not yet have a CVE or CVSS score) resides in Citrix's Session Recording Manager, which, as its name implies, records user activity, including keyboard and mouse inputs, websites visited, video streams of desktop activity, and more.
originally posted at https://stacker.news/items/764945
ch0k1
npub1k3…q9t9m
2024-11-12 18:13:48
Author Public Key
npub1k3qrkfq45qsvyp53hvvv2xk6tt9kfdca9asfvm9nc796dq65948q9q9t9mPublished at
2024-11-12 18:13:48Event JSON
{
"id": "b5420c3aba244aa65678791347af769ac28eb3d69b3a7a4859fe69b9029ec225",
"pubkey": "b4403b2415a020c20691bb18c51ada5acb64b71d2f60966cb3c78ba683542d4e",
"created_at": 1731435228,
"kind": 1,
"tags": [],
"content": "Citrix Zero-Day Bug Allows Unauthenticated RCE\nhttps://www.darkreading.com/cloud-security/citrix-recording-manager-zero-day-bug-unauthenticated-rce\n\nAn unpatched zero-day vulnerability in Citrix’s Session Recording Manager allows unauthenticated remote code execution (RCE, paving the way for data theft, lateral movement, and desktop takeover.\n\nAccording to watchTowr research out today, the issue (which does not yet have a CVE or CVSS score) resides in Citrix's Session Recording Manager, which, as its name implies, records user activity, including keyboard and mouse inputs, websites visited, video streams of desktop activity, and more.\n\noriginally posted at https://stacker.news/items/764945",
"sig": "16801d4338ab272fa4bfff6c53625d4d928e70dce30a449edc2909d61060f3e77c260812c8da17f272fc566b7e18366864561d8e53d747edcae39b6cf22f1127"
}