FCEB agencies must patch or mitigate the vulnerability as ordered by the BOD 22-01 binding operational directive. However, this is no longer needed since Barracuda has already patched all vulnerable devices by applying two patches over the weekend.
Source: cyware.com