Skip to main content

ATEN Unizon CVE-2026-9779

| EUVDEUVD-2026-39117 HIGH
Improper Verification of Cryptographic Signature (CWE-347)
2026-06-24 zdi GHSA-2h8c-cmrc-4q5c
7.2
CVSS 3.0 · Vendor: zdi
Share

Severity by source

Vendor (zdi) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.2 HIGH

Network-reachable management endpoint (AV:N, AC:L) but invoking updateWar requires high-privilege authentication (PR:H); a forged update yields full SYSTEM code execution, so C/I/A all High.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (zdi).

CVSS VectorVendor: zdi

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 24, 2026 - 22:25 vuln.today

DescriptionCVE.org

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the updateWar method. The issue results from an incorrect implementation of cryptographic signature verification. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28590.

AnalysisAI

Authenticated remote code execution in ATEN Unizon stems from a broken cryptographic signature check in the updateWar method (reachable via doCryptoHugeFileToFile), letting a high-privileged remote attacker push a forged WAR update and run arbitrary code as SYSTEM. The flaw (CWE-347) was reported by Trend Micro ZDI as ZDI-CAN-28590 and carries a CVSS 3.0 base score of 7.2; no public exploit identified at time of analysis.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain high-privilege Unizon credentials
Delivery
Authenticate to management interface
Exploit
Submit forged WAR update package
Execution
Bypass flawed signature check in updateWar
Persist
Deploy malicious application
Impact
Execute arbitrary code as SYSTEM

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session with high privileges on ATEN Unizon (CVSS PR:H) plus network access to the management interface exposing the updateWar update functionality. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are moderate and internally consistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained valid high-privilege Unizon credentials (via phishing, credential reuse, or insider access) logs into the management interface and submits a maliciously crafted WAR update package. Because the updateWar signature verification is flawed, the forged package passes validation and is deployed, executing the attacker's code as SYSTEM and granting full control of the appliance. …
Remediation Apply the fixed release referenced in ATEN's security advisory (https://www.aten.com/global/en/supportcenter/info/security-advisory/32/) once the exact build is identified - Patch available per vendor advisory, but no specific fix version is given in the provided data, so verify the patched version directly with ATEN. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all ATEN Unizon deployments and identify systems accessible to high-privileged accounts or internal networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2026-9779 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy