CVE-2019-5648

Name of the Vulnerable Software and Affected Versions Barracuda Load Balancer ADC versions prior to 6.4

Description The issue allows an authenticated administrative user to modify the LDAP service configuration, potentially exposing LDAP credentials over the network by changing the LDAP server to an attacker-controlled system without requiring re-entry of LDAP credentials.

Recommendations For versions prior to 6.4, update the firmware to a patched version to resolve the issue. As a temporary workaround, consider restricting access to the LDAP service configuration to minimize the risk of exploitation.