The scope of the attack is limited to just “a small number of customers” at the moment according to Citrix and it impacts all ADCs with Enlightened Data Transport UDP Protocol (EDT) enabled.