That's great and all, but if there was a known barracuda OS vuln that allowed attackers to gain root access, then they could gather information about the hardware, which includes the ability to interact with the IPMI (which runs it's own separate OS) to update the firmware or whichever way they're able gain persistent access to the IPMI device's OS.