XenServer and Citrix Hypervisor Security Updates for CVE- 2023-46842, CVE-2024-2201 and CVE-2024-31142. Two issues have been identified that affect XenServer and Citrix Hypervisor.

CVE-2024-2201 – only affects deployments that use Intel CPUs while
CVE-2024-31142 – only affects deployments that use AMD CPUs.
CVE-2023-46842 – allows malicious privileged code running in a guest VM to cause the host to crash.  

The following Fortinet Products are affected;

- XenServer 8

- Hypervisor 8.2 CU1 LTSR

The vulnerabilities may allow a cyber threat actor to exploit one of these vulnerabilities to take control of an affected system.

CERTVU strongly encourages administrators to review the following Ivanti advisory and apply necessary security updates.

XenServer - We recommend that customers update to the latest version from their chosen channel as per the link:https://docs.xenserver.com/en-us/xenserver/8/update

Citrix Hypervisor 8.2 CU1 LTSR – We recommend users follow the hotfix as per the link below: https://support.citrix.com/article/CTX588044/hotfix-xs82ecu1062-for-citrix-hypervisor-82-cumulative-update-1