Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software. The vulnerability is a path traversal issue that could allow unauthenticated remote attackers to execute arbitrary code. As of today, there are over 15,000 publicly accessible vulnerable Citrix ADCs and Gateway servers that attackers can exploit overnight to target potential enterprise networks. The issue was discovered by Mikhail Klyuchnikov, a security researcher at Positive Technologies, who responsibly reported it to Citrix in early December.
Source: https://thehackernews.com/2020/01/citrix-adc-patch-update.html