Skip to main content

ATEN Unizon CVE-2026-9777

| EUVDEUVD-2026-39115 HIGH
Path Traversal (CWE-22)
2026-06-24 zdi GHSA-pqwm-59vh-j99g
7.2
CVSS 3.0 · Vendor: zdi
Share

Severity by source

Vendor (zdi) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.2 HIGH

Network-reachable restore function (AV:N/AC:L) gated by administrative authentication (PR:H), no user interaction, and SYSTEM-context code execution yielding full C/I/A impact.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (zdi).

CVSS VectorVendor: zdi

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 24, 2026 - 22:24 vuln.today

DescriptionCVE.org

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the restoreDB method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28578.

AnalysisAI

Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the restoreDB method, where a user-supplied path is used in file operations without validation, letting a high-privileged attacker write or restore files outside the intended directory and run code as SYSTEM. The flaw was reported through Trend Micro's Zero Day Initiative (ZDI-CAN-28578 / ZDI-26-381) and carries a CVSS 3.0 base score of 7.2 (PR:H). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Unizon as high-privilege admin
Delivery
Reach restoreDB restore endpoint
Exploit
Submit backup path with ../ traversal
Execution
Write file outside intended directory
Impact
Execute arbitrary code as SYSTEM

Vulnerability AssessmentAI

Exploitation Exploitation requires authenticated access to ATEN Unizon at a high privilege level (CVSS PR:H) and the ability to invoke the restoreDB method, which performs database/backup restore file operations using a user-supplied path. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.0 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H = 7.2 High) shows a network-reachable, low-complexity attack with full confidentiality/integrity/availability impact, but gated behind PR:H - the attacker must already hold high privileges (administrative authentication) on the Unizon application. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or been granted high-privilege (administrative) access to the ATEN Unizon web interface invokes the restoreDB function with a database/backup path containing directory-traversal sequences. Because the path is not validated and the service runs as SYSTEM, the crafted restore writes attacker-controlled content to a sensitive filesystem location, yielding arbitrary code execution as SYSTEM. …
Remediation Patch available per vendor advisory - consult the ATEN security advisory at https://www.aten.com/global/en/supportcenter/info/security-advisory/30/ and apply the fixed Unizon release ATEN designates; an exact fix version was not provided in the available data, so verify the target version directly from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all ATEN Unizon installations; restrict administrative access to essential personnel only and implement full audit logging of administrative activities. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9777 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy