Description
ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the updateWar method. The issue results from an incorrect implementation of cryptographic signature verification. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28590.
Published: 2026-06-24
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper verification of a cryptographic signature within of ATEN Unizon. Because the signature check is incorrectly implemented, an attacker that can supply an update payload can cause the system to execute arbitrary code in the SYSTEM context. The flaw is specifically failure (CWE‑347). Authentication is required to execute the exploit, but once authenticated the attacker can gain full control.

Affected Systems

The product affected is ATEN Unizon from vendor ATEN. No specific version information is provided in the advisory, so all installations of the Unizon product are potentially vulnerable until a patch is released.

Risk and Exploitability

The CVSS score of 7.2 classifies the vulnerability as high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Because authentication is required and the attack likely occurs through the updateWar routine, attackers need legitimate credentials to submit a malicious update payload. Once the signature is incorrectly validated, the payload runs with SYSTEM privileges, granting complete control over the affected installation.

Generated by OpenCVE AI on June 25, 2026 at 00:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and apply the latest ATEN Unizon patch that addresses the signature verification flaw.
  • Disable automatic or unattended updates until a vendor fix is available to prevent delivery of malicious files.
  • When updates are required, manually verify the cryptographic signature of the update package before installation.

Generated by OpenCVE AI on June 25, 2026 at 00:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Aten
Aten unizon
Vendors & Products Aten
Aten unizon

Thu, 25 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateWar method. The issue results from an incorrect implementation of cryptographic signature verification. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28590.
Title ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
Weaknesses CWE-347
References
Metrics cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-06-25T13:10:35.745Z

Reserved: 2026-05-27T22:19:45.945Z

Link: CVE-2026-9779

cve-icon Vulnrichment

Updated: 2026-06-25T13:10:32.012Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:40:02Z

Weaknesses
  • CWE-347

    Improper Verification of Cryptographic Signature