CVE-2010-20109
Published 2025-08-21
Priority: P265 · Severity: high · CVSS 4.0 base score: 8.7
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Exploit: public exploit available
EPSS: 1.09% (61.1st percentile)
Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barracuda_networks | spam_virus_firewall | <= 4.1.1.021 | — |
| barracuda_networks | ssl_vpn | <= 2010-10 | — |
| barracuda_networks | web_application_firewall | <= 2010-10 | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to view_help.cgi where the 'locale' parameter contains path traversal sequences (e.g., '../') or null-byte terminators ('%00'), which are the exploitation mechanism for this vulnerability.
- Alert on unauthenticated HTTP requests to view_help.cgi targeting /mail/snapshot/config.snapshot, as this is the default target file used by known exploit modules to extract credentials and configuration data.
- Scope detection to Barracuda Spam & Virus Firewall, SSL VPN, and Web Application Firewall products running versions prior to October 2010, as these are the confirmed affected products.
- Exploitation does not require authentication, meaning no session token or credential is needed to trigger the traversal and retrieve sensitive files.
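The detection points above can be turned into a small log-scanning check. The following is an added example written for this page, not code from Barracuda, Rapid7 or any of the referenced advisories. It parses constructed Apache-style access-log lines (labelled as such in the code; the client addresses and the directory holding view_help.cgi are assumptions, since the record only names the script), URL-decodes the locale parameter repeatedly so single- and double-encoded forms are caught, and flags the three indicators the record lists: a traversal sequence, a null-byte terminator, and a reference to config.snapshot.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined-log style). Addresses and the
# path prefix are invented for the example; only view_help.cgi, the locale
# parameter, '../', '%00' and config.snapshot come from the CVE record.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Aug/2025:10:00:01 +0000] "GET /view_help.cgi?locale=en_US HTTP/1.1" 200 512
203.0.113.7 - - [21/Aug/2025:10:00:02 +0000] "GET /view_help.cgi?locale=..%2f..%2f..%2fmail%2fsnapshot%2fconfig.snapshot%00 HTTP/1.1" 200 8192
203.0.113.9 - - [21/Aug/2025:10:00:03 +0000] "GET /view_help.cgi?locale=%2e%2e/%2e%2e/etc/passwd%00 HTTP/1.1" 200 1024
203.0.113.11 - - [21/Aug/2025:10:00:04 +0000] "GET /index.cgi?locale=../../x HTTP/1.1" 200 300
"""

# Request line inside the quoted part of a combined-log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A '..' segment delimited by slashes or backslashes (or the string edges).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def decode_repeatedly(value, rounds=3):
    """Percent-decode until the value stops changing (bounded), so that
    double-encoded sequences such as %252e%252e are normalised too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze_request(target):
    """Return the list of indicators found in one request target.

    An empty list means the request is not a view_help.cgi call with a
    suspicious locale parameter. Indicator order is fixed so callers can
    compare results directly.
    """
    parts = urlsplit(target)
    # Match on the script name only; the directory it lives in is not
    # stated in the record, so we do not key on it.
    if parts.path.rsplit("/", 1)[-1].lower() != "view_help.cgi":
        return []

    # parse_qs already decodes one layer; decode_repeatedly handles the rest.
    values = parse_qs(parts.query, keep_blank_values=True).get("locale", [])
    reasons = []
    for raw in values:
        locale = decode_repeatedly(raw)
        if TRAVERSAL_RE.search(locale) and "traversal" not in reasons:
            reasons.append("traversal")
        if "\x00" in locale and "null_byte" not in reasons:
            reasons.append("null_byte")
        if "config.snapshot" in locale and "config_snapshot" not in reasons:
            reasons.append("config_snapshot")
    return reasons


def scan_log(text):
    """Scan log text and return (client_ip, request_target, reasons) for
    every line that carries at least one indicator."""
    alerts = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = analyze_request(match.group("target"))
        if reasons:
            client_ip = line.split(" ", 1)[0]
            alerts.append((client_ip, match.group("target"), reasons))
    return alerts


if __name__ == "__main__":
    for ip, target, reasons in scan_log(SAMPLE_LOG):
        print(f"{ip} {target} -> {', '.join(reasons)}")
```

The first bullet of the record maps to the "traversal" and "null_byte" indicators, the second to "config_snapshot"; a request that hits only the first two is still worth an alert, since the traversal works against any readable file, not just the default one the known module fetches. Scoping the rule to the affected Barracuda appliances (third bullet) is best done at the log-source level rather than in the parser.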
No detection rules found.
No writeups or analysis indexed.
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb
- https://web.archive.org/web/20101004131244/http://secunia.com/advisories/41609/
- https://www.exploit-db.com/exploits/15130
- https://www.vulncheck.com/advisories/barracuda-multiple-products-locale-path-traversal