In order to exploit this vulnerability, an attacker would require access to the management interface of the Citrix ADC. In situations where customers have deployed their Citrix ADC and Citrix Gateway appliances in line with industry best practice, network access to this interface should already be restricted.
If the customer has previously changed the default internal user account or RPC node password in accordance with the guidelines in the Secure Deployment Guide, then this issue does not impact their deployment.