Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
PR:H confirmed by description and original vector; C:N because only deletion is possible; A:H reflects arbitrary file removal causing full host unavailability.
Primary rating from Vendor (zdi).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the updateLicense method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files or create a denial-of-service condition on the system. Was ZDI-CAN-28502.
AnalysisAI
Arbitrary file deletion in ATEN Unizon exposes all installations to destructive denial-of-service attacks via a path traversal flaw in the updateLicense method, reachable over the network by any authenticated high-privilege user. The CVSS PR:H constraint confirms exploitation requires high-privilege credentials, limiting opportunistic mass exploitation, but a motivated insider or attacker with stolen admin credentials can delete critical system files and render the host inoperable. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | High-privilege authentication to ATEN Unizon is explicitly required per the vulnerability description and confirmed by the CVSS PR:H metric - unauthenticated exploitation is not possible under any known configuration. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.0 Medium score of 5.5 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) accurately captures the primary limiting factor: high-privilege authentication is mandatory, substantially narrowing the realistic attacker population to insiders, compromised admin accounts, or credential-theft scenarios. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has acquired high-privilege Unizon credentials - through phishing, credential stuffing, or insider access - authenticates to the Unizon management interface and submits a crafted license update request to the updateLicense endpoint containing a path traversal sequence (e.g., ../../etc/cron.d/scheduled-task or targeting Unizon application binaries) as the file path parameter. The server processes the deletion without path validation, removing the targeted file from the host filesystem. … |
| Remediation | Consult the ATEN vendor security advisory at https://www.aten.com/global/en/supportcenter/info/security-advisory/27/ and apply any available patch immediately - no exact fixed version was confirmed from the available input data, so the advisory should be treated as the authoritative source for upgrade guidance. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Unauthenticated information disclosure in ATEN Unizon allows remote attackers to read arbitrary files from affected inst
Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the ImportDeviceList method
Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the restoreDB method, where
Authenticated remote code execution in ATEN Unizon stems from a broken cryptographic signature check in the updateWar me
Arbitrary file deletion via directory traversal in ATEN Unizon's uploadSSL method allows authenticated remote attackers
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39112
GHSA-mj86-56mg-7pmq