CVE-2010-20109: Barracuda Spam & Virus Firewall "locale" Path Traversal

Q: What is the severity of CVE-2010-20109?

CVE-2010-20109 is considered a medium severity vulnerability due to its potential for unauthorized file access.

Q: How do I fix CVE-2010-20109?

To fix CVE-2010-20109, upgrade to the latest versions of Barracuda Spam & Virus Firewall, SSL VPN, or Web Application Firewall released after October 2010.

Q: What products are affected by CVE-2010-20109?

CVE-2010-20109 affects Barracuda Spam & Virus Firewall, Barracuda SSL VPN, and Barracuda Web Application Firewall versions prior to October 2010.

Q: Can CVE-2010-20109 lead to data breaches?

Yes, CVE-2010-20109 can potentially allow attackers to access sensitive files, leading to data breaches.

Q: What type of vulnerability is CVE-2010-20109?

CVE-2010-20109 is classified as a path traversal vulnerability that allows unauthorized file access through improper input validation.

Published Aug 21, 2025

Updated

Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data.

Affected Software

3 affected components

Barracuda Spam & Virus Firewall<2010-10-01

Barracuda SSL VPN<2010-10-01

Barracuda Web Application Firewall<2010-10-01

Event History

Aug 21, 2025

CVE Published

via MITRE·08:09 PM

Data Sourced

via MITRE·08:09 PM

DescriptionWeakness

Data Sourced

via NVD·08:15 PM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2010-20109?

CVE-2010-20109 is considered a medium severity vulnerability due to its potential for unauthorized file access.

How do I fix CVE-2010-20109?

To fix CVE-2010-20109, upgrade to the latest versions of Barracuda Spam & Virus Firewall, SSL VPN, or Web Application Firewall released after October 2010.

What products are affected by CVE-2010-20109?

CVE-2010-20109 affects Barracuda Spam & Virus Firewall, Barracuda SSL VPN, and Barracuda Web Application Firewall versions prior to October 2010.

Can CVE-2010-20109 lead to data breaches?

Yes, CVE-2010-20109 can potentially allow attackers to access sensitive files, leading to data breaches.

What type of vulnerability is CVE-2010-20109?

CVE-2010-20109 is classified as a path traversal vulnerability that allows unauthorized file access through improper input validation.

CVSS Score

8.7High

High Severity

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Security Metrics

Risk Score47

Severityhigh(8.7)

CWE

Timeline

PublishedAug 21, 2025

Updated

References

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.