Skip to main content

ATEN Unizon EUVDEUVD-2026-39112

| CVE-2026-9774 MEDIUM
Path Traversal (CWE-22)
2026-06-24 zdi GHSA-mj86-56mg-7pmq
6.5
CVSS 3.1 · NVD
Share

Severity by source

Vendor (zdi) PRIMARY
MEDIUM
qualitative
NVD
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
vuln.today AI
5.5 MEDIUM

PR:H confirmed by description and original vector; C:N because only deletion is possible; A:H reflects arbitrary file removal causing full host unavailability.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (zdi).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

2
CVSS changed
Jun 27, 2026 - 19:07 NVD
5.5 (MEDIUM) 6.5 (MEDIUM)
Analysis Generated
Jun 24, 2026 - 22:28 vuln.today

DescriptionNVD

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the updateLicense method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files or create a denial-of-service condition on the system. Was ZDI-CAN-28502.

AnalysisAI

Arbitrary file deletion in ATEN Unizon exposes all installations to destructive denial-of-service attacks via a path traversal flaw in the updateLicense method, reachable over the network by any authenticated high-privilege user. The CVSS PR:H constraint confirms exploitation requires high-privilege credentials, limiting opportunistic mass exploitation, but a motivated insider or attacker with stolen admin credentials can delete critical system files and render the host inoperable. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain high-privilege Unizon credentials
Delivery
Authenticate to Unizon management interface
Exploit
Craft path traversal sequence in updateLicense file path parameter
Execution
Submit malicious license update request
Persist
Server deletes targeted arbitrary file
Impact
Cause denial-of-service or system instability on Unizon host

Vulnerability AssessmentAI

Exploitation High-privilege authentication to ATEN Unizon is explicitly required per the vulnerability description and confirmed by the CVSS PR:H metric - unauthenticated exploitation is not possible under any known configuration. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.0 Medium score of 5.5 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) accurately captures the primary limiting factor: high-privilege authentication is mandatory, substantially narrowing the realistic attacker population to insiders, compromised admin accounts, or credential-theft scenarios. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has acquired high-privilege Unizon credentials - through phishing, credential stuffing, or insider access - authenticates to the Unizon management interface and submits a crafted license update request to the updateLicense endpoint containing a path traversal sequence (e.g., ../../etc/cron.d/scheduled-task or targeting Unizon application binaries) as the file path parameter. The server processes the deletion without path validation, removing the targeted file from the host filesystem. …
Remediation Consult the ATEN vendor security advisory at https://www.aten.com/global/en/supportcenter/info/security-advisory/27/ and apply any available patch immediately - no exact fixed version was confirmed from the available input data, so the advisory should be treated as the authoritative source for upgrade guidance. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39112 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy