Description
Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
- Barracuda Networks / Spam & Virus Firewall0 – 4.1.1.021
- Barracuda Networks / SSL VPN0 – 2010-10
- Barracuda Networks / Web Application Firewall0 – 2010-10
References
- EXPLOIThttps://www.exploit-db.com/exploits/15130
- VENDOR_ADVISORYhttps://web.archive.org/web/20101004131244/http://secunia.com/advisories/41609/
- EXPLOIThttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb
- VENDOR_ADVISORYhttps://www.vulncheck.com/advisories/barracuda-multiple-products-locale-path-traversal