Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Network-reachable management endpoint (AV:N, AC:L) but invoking updateWar requires high-privilege authentication (PR:H); a forged update yields full SYSTEM code execution, so C/I/A all High.
Primary rating from Vendor (zdi).
CVSS VectorVendor: zdi
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the updateWar method. The issue results from an incorrect implementation of cryptographic signature verification. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28590.
AnalysisAI
Authenticated remote code execution in ATEN Unizon stems from a broken cryptographic signature check in the updateWar method (reachable via doCryptoHugeFileToFile), letting a high-privileged remote attacker push a forged WAR update and run arbitrary code as SYSTEM. The flaw (CWE-347) was reported by Trend Micro ZDI as ZDI-CAN-28590 and carries a CVSS 3.0 base score of 7.2; no public exploit identified at time of analysis.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated session with high privileges on ATEN Unizon (CVSS PR:H) plus network access to the management interface exposing the updateWar update functionality. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are moderate and internally consistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained valid high-privilege Unizon credentials (via phishing, credential reuse, or insider access) logs into the management interface and submits a maliciously crafted WAR update package. Because the updateWar signature verification is flawed, the forged package passes validation and is deployed, executing the attacker's code as SYSTEM and granting full control of the appliance. … |
| Remediation | Apply the fixed release referenced in ATEN's security advisory (https://www.aten.com/global/en/supportcenter/info/security-advisory/32/) once the exact build is identified - Patch available per vendor advisory, but no specific fix version is given in the provided data, so verify the patched version directly with ATEN. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all ATEN Unizon deployments and identify systems accessible to high-privileged accounts or internal networks. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Jwt Attack
View allWhy is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update
Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke
Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS
The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work
The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t
cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote
Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39117
GHSA-2h8c-cmrc-4q5c