Unizon
Monthly
Authenticated remote code execution in ATEN Unizon stems from a broken cryptographic signature check in the updateWar method (reachable via doCryptoHugeFileToFile), letting a high-privileged remote attacker push a forged WAR update and run arbitrary code as SYSTEM. The flaw (CWE-347) was reported by Trend Micro ZDI as ZDI-CAN-28590 and carries a CVSS 3.0 base score of 7.2; no public exploit identified at time of analysis.
Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the ImportDeviceList method, where a user-supplied file path is used in file operations without proper validation. A high-privileged remote attacker can traverse outside intended directories to write or manipulate files and ultimately execute arbitrary code in the SYSTEM context, fully compromising the host. Discovered and reported via the Zero Day Initiative (ZDI-26-382 / ZDI-CAN-28579); no public exploit identified at time of analysis and it is not listed in CISA KEV.
Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the restoreDB method, where a user-supplied path is used in file operations without validation, letting a high-privileged attacker write or restore files outside the intended directory and run code as SYSTEM. The flaw was reported through Trend Micro's Zero Day Initiative (ZDI-CAN-28578 / ZDI-26-381) and carries a CVSS 3.0 base score of 7.2 (PR:H). There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Unauthenticated information disclosure in ATEN Unizon allows remote attackers to read arbitrary files from affected installations by abusing a path-traversal weakness in the writeFileToHttpServletResponse method. Because the underlying service runs with SYSTEM privileges, an attacker can exfiltrate sensitive files including configuration, credentials, and OS-level data. Cataloged via ZDI (ZDI-26-380 / ZDI-CAN-28505) with no public exploit identified at time of analysis; not listed in CISA KEV and no EPSS score was provided.
Arbitrary file deletion via directory traversal in ATEN Unizon's uploadSSL method allows authenticated remote attackers with high-privilege credentials to delete files anywhere on the underlying filesystem. All versions are indicated as affected by the wildcard CPE. Exploitation can be used to destroy configuration or system files, inducing a denial-of-service condition; no confirmed active exploitation or public exploit code has been identified at time of analysis.
Arbitrary file deletion in ATEN Unizon exposes all installations to destructive denial-of-service attacks via a path traversal flaw in the updateLicense method, reachable over the network by any authenticated high-privilege user. The CVSS PR:H constraint confirms exploitation requires high-privilege credentials, limiting opportunistic mass exploitation, but a motivated insider or attacker with stolen admin credentials can delete critical system files and render the host inoperable. No public exploit or CISA KEV listing has been identified at time of analysis, but the straightforward AC:L nature of the flaw means exploitation is trivial once credentials are obtained.
Authenticated remote code execution in ATEN Unizon stems from a broken cryptographic signature check in the updateWar method (reachable via doCryptoHugeFileToFile), letting a high-privileged remote attacker push a forged WAR update and run arbitrary code as SYSTEM. The flaw (CWE-347) was reported by Trend Micro ZDI as ZDI-CAN-28590 and carries a CVSS 3.0 base score of 7.2; no public exploit identified at time of analysis.
Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the ImportDeviceList method, where a user-supplied file path is used in file operations without proper validation. A high-privileged remote attacker can traverse outside intended directories to write or manipulate files and ultimately execute arbitrary code in the SYSTEM context, fully compromising the host. Discovered and reported via the Zero Day Initiative (ZDI-26-382 / ZDI-CAN-28579); no public exploit identified at time of analysis and it is not listed in CISA KEV.
Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the restoreDB method, where a user-supplied path is used in file operations without validation, letting a high-privileged attacker write or restore files outside the intended directory and run code as SYSTEM. The flaw was reported through Trend Micro's Zero Day Initiative (ZDI-CAN-28578 / ZDI-26-381) and carries a CVSS 3.0 base score of 7.2 (PR:H). There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Unauthenticated information disclosure in ATEN Unizon allows remote attackers to read arbitrary files from affected installations by abusing a path-traversal weakness in the writeFileToHttpServletResponse method. Because the underlying service runs with SYSTEM privileges, an attacker can exfiltrate sensitive files including configuration, credentials, and OS-level data. Cataloged via ZDI (ZDI-26-380 / ZDI-CAN-28505) with no public exploit identified at time of analysis; not listed in CISA KEV and no EPSS score was provided.
Arbitrary file deletion via directory traversal in ATEN Unizon's uploadSSL method allows authenticated remote attackers with high-privilege credentials to delete files anywhere on the underlying filesystem. All versions are indicated as affected by the wildcard CPE. Exploitation can be used to destroy configuration or system files, inducing a denial-of-service condition; no confirmed active exploitation or public exploit code has been identified at time of analysis.
Arbitrary file deletion in ATEN Unizon exposes all installations to destructive denial-of-service attacks via a path traversal flaw in the updateLicense method, reachable over the network by any authenticated high-privilege user. The CVSS PR:H constraint confirms exploitation requires high-privilege credentials, limiting opportunistic mass exploitation, but a motivated insider or attacker with stolen admin credentials can delete critical system files and render the host inoperable. No public exploit or CISA KEV listing has been identified at time of analysis, but the straightforward AC:L nature of the flaw means exploitation is trivial once credentials are obtained.