Description

Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data.
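A defender can look for the pattern described above in web access logs. The following is an added example, not code from the advisory or from Barracuda: it flags requests to view_help.cgi whose locale parameter contains traversal sequences or a null byte, including double-encoded forms. The log format, the URL prefix and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines; the combined log format and URL prefix are assumptions.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Aug/2025:10:00:01 +0000] "GET /view_help.cgi?locale=en_US HTTP/1.1" 200 5120',
    '203.0.113.9 - - [21/Aug/2025:10:00:05 +0000] "GET /view_help.cgi?locale=/../../../mail/snapshot/config.snapshot%00 HTTP/1.1" 200 48211',
    '203.0.113.9 - - [21/Aug/2025:10:00:09 +0000] "GET /view_help.cgi?locale=..%252f..%252fmail%252fsnapshot%252fconfig.snapshot%2500 HTTP/1.1" 200 48211',
    '198.51.100.7 - - [21/Aug/2025:10:00:12 +0000] "GET /index.cgi?locale=de_DE HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return the reasons a log line is suspicious (empty list if none)."""
    match = REQUEST.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("view_help.cgi"):
        return []
    reasons = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name != "locale":
            continue
        value = decode_fully(value)  # parse_qsl already decoded one layer
        if TRAVERSAL.search(value):
            reasons.add("traversal")
        if "\x00" in value:
            reasons.add("null-byte")
    return sorted(reasons)

def scan(lines):
    """Return (line_number, reasons) for every flagged line."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := check_line(line))]

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG):
        print(n, ",".join(reasons))
```

A flagged request that was answered with status 200 and an unusually large body is worth prioritising, since the description notes that the retrieved snapshot can expose credentials.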

INFO

Published Date : 2025-08-21T20:09:03.535Z

Last Modified : 2025-08-22T14:02:46.384Z

Source : VulnCheck

AFFECTED PRODUCTS

The following products are affected by the CVE-2010-20109 vulnerability.

Vendors Products
Barracuda
  • Web Application Firewall
Barracudanetworks
  • Barracuda Ssl Vpn
  • Spam & Virus Firewall 600
