CVE Overview for Barracuda CloudGen Firewall
Table of CVEs
CVE | Short summary | Assessment | Executive Summary | Affected Versions | Ticket | Mitigation | Updates | Links |
|---|---|---|---|---|---|---|---|---|
CVE-2025-15467 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 | OpenSSL vulnerabilities fixed in OpenSSL 3.6.1 | UNDER INVESTIGATION | Barracuda is investigating whether products are affected by these vulnerabilities. |  |  |  |  |  |
CVE-2025-62291 | strongSwan Vulnerability | NOT AFFECTED | No supported versions of CGF are affected: the vulnerability affects the client side only, and CGF acts only as a proxy for MSCHAPv2 authentication, so the affected code paths are not in use. | <= 9.0.5 |  |  |  | https://www.cve.org/CVERecord?id=CVE-2025-62291 https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-%28cve-2025-62291%29.html |
CVE-2025-62168 | A failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. | AFFECTED | CGF and SE versions 9.0.5 and older and 10.0.1 and older are affected. | <= 9.0.5 | BNNGF-99469 |  | 9.0.6 |  |
CVE-2025-8677 | Resource exhaustion via malformed DNSKEY handling | NOT AFFECTED | No currently supported versions of CGF and SE are affected because the version of the installed OpenSSL is not affected. |  |  |  |  | https://www.cve.org/CVERecord/SearchResults?query=CVE-2025-408677 |
CVE-2025-40780 | Cache poisoning due to weak PRNG | AFFECTED | CGF and SE versions 9.0.5 and older and 10.0.1 and older are affected. | <= 9.0.5 | BNNGF-99468 |  | 9.0.6 | https://www.cve.org/CVERecord?id=CVE-2025-40780 https://kb.isc.org/docs/cve-2025-40780 |
CVE-2025-40778 | Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. | AFFECTED | CGF and SE versions 9.0.5 and older and 10.0.1 and older are affected. | <= 9.0.5 | BNNGF-99468 |  | 9.0.6 |  |
CVE-2025-59362 | Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. | PARTIALLY | All supported versions of CGF are affected, but only if SNMP queries have been enabled. Since we have rated this as medium severity, fixes will be made available in upcoming versions, but no hotfixes will be released. | <= 9.0.5 |  | Disable SNMP in the configuration, or at least restrict the ACL for SNMP queries to a trustworthy source. | 9.0.6 10.0.2 10.5.0 |  |
CVE-2024-13176 | OpenSSL: Timing side-channel in ECDSA signature computation | AFFECTED | CGF and SE versions 9.0.5 and older and 10.0.1 and older are affected. Since we have rated this as medium severity, fixes will be made available in upcoming versions, but no hotfixes will be released. | <= 9.0.5 | BNNGF-99235 |  | 9.0.6 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176 |
CVE-2024-12797 | OpenSSL: RFC7250 handshakes with unauthenticated servers don’t abort as expected | NOT AFFECTED | No currently supported versions of CGF and SE are affected, as the version of the installed OpenSSL is not affected. |  |  |  |  | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12797 |
CVE-2025-4575 | OpenSSL: The x509 application adds trusted use instead of rejected use | NOT AFFECTED | No currently supported versions of CGF and SE are affected, as the version of the installed OpenSSL is not affected. |  |  |  |  | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4575 |
CVE-2025-9232 | OpenSSL: Out-of-bounds read in HTTP client no_proxy handling | NOT AFFECTED | No currently supported versions of CGF and SE are affected, as the version of the installed OpenSSL is not affected. |  |  |  |  | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232 |
CVE-2025-9231 | OpenSSL: Timing side-channel in SM2 algorithm on 64 bit ARM | NOT AFFECTED | No currently supported versions of CGF and SE are affected, as the version of the installed OpenSSL is not affected. |  |  |  |  | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9231 |
CVE-2025-9230 | OpenSSL: out-of-bounds read and write in CMS message decryption | NOT AFFECTED | No currently supported versions of CGF and SE are affected, as the affected functionality is not used. | <= 9.0.5 | BNNGF-99235 |  | 9.0.6 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230 |
CVE-2025-5914 | Potential memory corruption in libarchive enabling an attacker to execute arbitrary code or cause a denial-of-service condition. | NOT AFFECTED | No currently supported versions of CGF and SE are affected due to restrictions and limitations on the system. | 9.0.5 10.0.0 | BNNGF-98602 | Not required | 9.0.6 10.0.1 10.5.0 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914 |
CVE-2025-32463 | Privilege escalation with sudo | PARTIALLY AFFECTED | CGF in version 10.0.0 is affected, all earlier versions are not. | 10.0.0 | BNNGF-98142 | Update firmware to a fixed version 10.0.1 |  | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32463 |
CVE-2025-32462 | Privilege escalation with sudo | NOT AFFECTED | No currently supported versions of CGF and SE are affected because this CVE is based on a certain configuration that is not set on all devices. |  |  |  |  | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32462 |
CVE-2025-6019 | Local Privilege Escalation (LPE) vulnerability in libblockdev | NOT AFFECTED | No currently supported versions of CGF and SE are affected because neither libblockdev nor the udisks daemon is present on the system. |  |  |  |  | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6019 |
CVE-2025-6018 | A misconfiguration in the PAM configuration may allow an unprivileged local attacker to elevate to the “allow_active” user and invoke polkit actions normally reserved for a physically present user. | NOT AFFECTED | No currently supported versions of CGF and SE are affected because the PAM system is configured correctly and the misconfiguration is not present. |  |  |  |  | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6018 |
CVE-2018-10938 | Linux kernel denial of service by a crafted network packet. | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (4.0 - 4.13). |  |  |  |  |  |
CVE-2016-2143 | Linux kernel denial of service on kernel 4.5 on s390 platforms | NOT AFFECTED | No currently supported versions of CGF and SE are affected because those products are not using any affected Linux kernel versions (4.5 on s390) |  |  |  |  |  |
CVE-2017-7273 | Linux kernel denial of service | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (4.x < 4.9) |  |  |  |  |  |
CVE-2020-8597 | pppd EAP authentication | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not supporting EAP in pppd |  |  |  |  |  |
CVE-2009-0065 | Linux kernel: buffer overflow in SCTP | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.28 and older) |  |  |  |  |  |
CVE-2008-4395 | Linux kernel: vulnerability in ndiswrapper | NOT AFFECTED | No currently supported versions of CGF or SE are affected because ndiswrapper is not used |  |  |  |  |  |
CVE-2009-1389 | Linux kernel: buffer overflow in RTL8169 | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.30 and older) |  |  |  |  |  |
CVE-2009-3280 | Linux kernel: buffer overflow in wireless | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.30 and older) |  |  |  |  |  |
CVE-2010-0008 | Linux kernel: buffer overflow in SCTP | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.23 and older) |  |  |  |  |  |
CVE-2009-3613 | Linux kernel: denial of service in r8169 driver | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.27 and older) |  |  |  |  |  |
CVE-2009-3726 | Linux kernel: denial of service in NFS | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.31 and older) |  |  |  |  |  |
CVE-2009-2844 | Linux kernel: denial of service in wireless | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.31 and older) |  |  |  |  |  |
CVE-2007-4567 | Linux kernel: denial of service in IPv6 | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.22 and older) |  |  |  |  |  |
CVE-2009-1385 | Linux kernel: denial of service in e1000 | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.30 and older) |  |  |  |  |  |
CVE-2008-4933 | Linux kernel: denial of service in hfsplus | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.28 and older) |  |  |  |  |  |
CVE-2009-1439 | Linux kernel: denial of service in CIFS | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.29 and older) |  |  |  |  |  |
CVE-2008-4618 | Linux kernel: denial of service in SCTP | NOT AFFECTED | No currently supported versions of CGF or SE are affected because those products are not using any affected Linux kernel versions (2.6.27 and older) |  |  |  |  |  |
CVE-2008-5025 |