Path Traversal Vulnerability in Barracuda Spam & Virus Firewall and SSL VPN
CVE-2010-20109

8.7HIGH

Key Information:

Vendor

Barracuda Networks

Status
Spam & Virus Firewall
Ssl Vpn
Web Application Firewall
Vendor
CVE Published:
21 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2010-20109?

Barracuda products exhibit a path traversal vulnerability within the view_help.cgi endpoint. The inadequately sanitized locale parameter permits attackers to inject traversal sequences and null-byte terminators, enabling unauthorized access to sensitive files on the system. This flaw can lead to the retrieval of crucial configuration files such as /mail/snapshot/config.snapshot, which may expose confidential credentials, internal settings, and other significant data to unauthenticated remote attackers.

Affected Version(s)

Spam & Virus Firewall * <= 4.1.1.021

SSL VPN *

Web Application Firewall *

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-20109 - Proof of Concept

CVE-2010-20109 - Proof of Concept

References

https://www.exploit-db.com/exploits/15130
exploit
https://web.archive.org/web/20101004131244/http://secunia...
third-party-advisory
https://raw.githubusercontent.com/rapid7/metasploit-frame...
exploit

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ShadowHatesYou
.
CVE-2010-20109 : Path Traversal Vulnerability in Barracuda Spam & Virus Firewall and SSL VPN