Description
ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the updateWar method. The issue results from an incorrect implementation of cryptographic signature verification. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28590.
Published: 2026-06-24
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper verification of a cryptographic signature within the updateWar method of ATEN Unizon. Because the signature check is incorrectly implemented, an attacker who can supply an update payload can cause the system to execute arbitrary code in the SYSTEM context. The flaw is classified as a signature verification failure (CWE-347). Authentication is required to execute the exploit, but once authenticated the attacker can gain full control.

Affected Systems

The product affected is ATEN Unizon from vendor ATEN. No specific version information is provided in the advisory, so all installations of the Unizon product are potentially vulnerable until a patch is released.

Risk and Exploitability

The CVSS score of 7.2 classifies the vulnerability as high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Because authentication is required and the attack likely occurs through the updateWar routine, attackers need legitimate credentials to submit a malicious update payload. Once the signature is incorrectly validated, the payload runs with SYSTEM privileges, granting complete control over the affected installation.

Generated by OpenCVE AI on June 25, 2026 at 00:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and apply the latest ATEN Unizon patch that addresses the signature verification flaw.
  • Disable automatic or unattended updates until a vendor fix is available to prevent delivery of malicious files.
  • When updates are required, manually verify the cryptographic signature of the update package before installation.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 21:45:00 +0000

Values added (no values removed):

  • Description: ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateWar method. The issue results from an incorrect implementation of cryptographic signature verification. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28590.
  • Title: ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
  • Weaknesses: CWE-347
  • References
  • Metrics: cvssV3_0 {'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-06-24T21:37:16.409Z

Reserved: 2026-05-27T22:19:45.945Z

Link: CVE-2026-9779

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T00:30:03Z

Weaknesses
  • CWE-347: Improper Verification of Cryptographic Signature