This vulnerability has been addressed in the following version of Citrix Application Delivery Management Agent:
• Citrix Application Delivery Management Agent version 12.1 build 50.33 and later
• Citrix Application Delivery Management Agent Cloud version 13.0 build 33.23 and later
Citrix strongly recommends that customers affected by this vulnerability upgrade to a version of the Citrix Application Delivery Management Agent that contains a fix for this issue as soon as possible.
The latest on-premises version is available on the Citrix website at the following address:
The latest Cloud version is available in the Citrix Cloud Application Delivery Management portal under Networks > Agents
In line with industry best practice, Citrix also recommends that customers limit access to the management agent interface to trusted network traffic only.
For deployments that are unable to apply the mitigating updates the following document describes agent configuration changes that are available to mitigate the issue until a time that the appropriate updates can be applied:
Note: Blocking these ports will prevent CPX Auto-registration.