Barracuda Web Filter prior to version 8.1.0.005 does not properly check upstream certificate validity when performing SSL inspection, and delivers one of three default root CA certificates across multiple machines for SSL inspection.
According to Barracuda Networks, the Barracuda Web Filter is a "comprehensive solution for web security and management" with many features, including the ability to provide "visibility into SSL-encrypted traffic". This SSL inspection feature of the Barracuda Web Filter is vulnerable to multiple issues.
Incomplete validation of upstream certificate validity - CVE-2015-0961
Barracuda Networks has released a security advisory with more details. For more information on the impact of these issues on SSL inspection, please see Will Dormann's CERT/CC blog post on SSL Inspection.
The CVSS score below is based on CVE-2015-0962.
The impact of either CVE-2015-0961 or CVE-2015-0962 may allow an attacker to successfully achieve a man-in-the-middle (MITM) attack without the client knowing it.
Update the firmware
Thanks to Barracuda Networks for promptly addressing these issues and contacting the CERT/CC to coordinate disclosure.
This document was written by Garret Wassermann.