Skip to main content

ATEN Unizon CVE-2026-9775

| EUVDEUVD-2026-39113 MEDIUM
Path Traversal (CWE-22)
2026-06-24 zdi GHSA-cxx8-7x7p-5ccv
6.5
CVSS 3.1 · NVD
Share

Severity by source

Vendor (zdi) PRIMARY
MEDIUM
qualitative
NVD
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
vuln.today AI
5.5 MEDIUM

Network-reachable uploadSSL endpoint but requires high-privilege authentication (PR:H); file deletion yields high availability impact (A:H) and minimal integrity effect (I:L) with no confidentiality exposure.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (zdi).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

2
CVSS changed
Jun 27, 2026 - 19:07 NVD
5.5 (MEDIUM) 6.5 (MEDIUM)
Analysis Generated
Jun 24, 2026 - 22:28 vuln.today

DescriptionNVD

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the uploadSSL method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files or create a denial-of-service condition on the system. Was ZDI-CAN-28503.

AnalysisAI

Arbitrary file deletion via directory traversal in ATEN Unizon's uploadSSL method allows authenticated remote attackers with high-privilege credentials to delete files anywhere on the underlying filesystem. All versions are indicated as affected by the wildcard CPE. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain high-privilege Unizon admin credentials
Delivery
Send crafted HTTP request to uploadSSL endpoint
Exploit
Inject directory traversal sequences in path parameter
Execution
Bypass missing path validation
Persist
Delete arbitrary filesystem files
Impact
Induce denial-of-service condition

Vulnerability AssessmentAI

Exploitation Exploitation requires valid high-privilege (administrator-level) credentials to the ATEN Unizon management interface, as confirmed by CVSS PR:H and explicitly stated in the description ('Authentication is required to exploit this vulnerability'). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 5.5 (Medium) accurately reflects the elevated authentication barrier (PR:H), which is the primary risk-limiting factor. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained high-privilege Unizon administrator credentials - whether through phishing, credential reuse, or a separate compromise - sends a crafted HTTP request to the uploadSSL endpoint with directory traversal sequences embedded in the path parameter, such as '../../etc/passwd' or targeting Unizon service files. The server, lacking proper path validation, processes the deletion against the traversed target outside the intended upload directory. …
Remediation Consult the ATEN vendor security advisory at https://www.aten.com/global/en/supportcenter/info/security-advisory/28/ and apply any vendor-released firmware or software update; an exact patched version number is not confirmed in the available input data, so the advisory should be checked directly for version-specific guidance. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9775 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy