Citrix has already released patches for all of the affected devices and warns that they should be updated immediately. Anyone running an older version than listed above should also update to the latest version, which will protect them from this vulnerability and potentially other vulnerabilities. According to the NSA, this vulnerability is under active exploitation by APT5, a Chinese threat actor that is known for utilizing zero-days int their attacks. Although this is the only known group to be exploiting the vulnerability, we will likely see other groups begin to carry out attacks this way now that the vulnerability has been disclosed.
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-citrix-adc-and-gateway-zero-day-patch-now/
