CVE-2010-20109 - Vulnerability Details

- Barracuda Spam & Virus Firewall "locale" Path Traversal

Description

Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data.

Published: 2025-08-21

Score: 8.7 High

EPSS: 55.3% High

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Barracuda Networks

Spam & Virus Firewall

unaffected

Version	Status	Constraints
`0`	affected	≤ 4.1.1.021

Barracuda Networks

SSL VPN

unaffected

Version	Status	Constraints
`0`	affected	≤ prior to October 2010

Barracuda Networks

Web Application Firewall

unknown

Version	Status	Constraints
`0`	affected	≤ prior to October 2010

No data.

Vendor	Product	Confidence	Versions
Barracuda	Web Application Firewall	—	—
Barracudanetworks	Barracuda Ssl Vpn	—	—
Barracudanetworks	Spam & Virus Firewall 600	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2010-5318	Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.55275.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb
https://web.archive.org/web/20101004131244/http://secunia.com/advisories/41609/
https://www.exploit-db.com/exploits/15130
https://www.vulncheck.com/advisories/barracuda-multiple-products-locale-path-traversal

History

Thu, 20 Nov 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Barracuda vpn Client
CPEs		cpe:2.3:a:barracuda:vpn_client:-:::::::* cpe:2.3:a:barracuda:web_application_firewall:::::::: cpe:2.3:a:barracuda:web_application_firewall:-:::::::*
Vendors & Products		Barracuda vpn Client

Sat, 23 Aug 2025 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Barracuda Barracuda web Application Firewall Barracudanetworks Barracudanetworks barracuda Ssl Vpn Barracudanetworks spam & Virus Firewall 600
Vendors & Products		Barracuda Barracuda web Application Firewall Barracudanetworks Barracudanetworks barracuda Ssl Vpn Barracudanetworks spam & Virus Firewall 600

Fri, 22 Aug 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 21 Aug 2025 20:15:00 +0000

Type	Values Removed	Values Added
Description		Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data.
Title		Barracuda Spam & Virus Firewall "locale" Path Traversal
Weaknesses		CWE-22
References		https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb https://web.archive.org/web/20101004131244/http://secunia.com/advisories/41609/ https://www.exploit-db.com/exploits/15130 https://www.vulncheck.com/advisories/barracuda-multiple-products-locale-path-traversal
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Barracuda Vpn Client Web Application Firewall

Barracudanetworks Barracuda Ssl Vpn Spam & Virus Firewall 600

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-08-21T20:09:03.535Z

Updated: 2026-05-15T11:13:31.357Z

Reserved: 2025-08-20T18:00:00.783Z

Link: CVE-2010-20109

Vulnrichment

Updated: 2025-08-22T14:02:39.692Z

NVD

Status : Deferred

Published: 2025-08-21T20:15:30.870

Modified: 2026-04-15T00:35:42.020

Link: CVE-2010-20109

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-23T11:53:18Z

Weaknesses

CWE-22

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object