HomeIntelligenceBrief
VULNERABILITY BRIEF🟡 Medium Vulnerability

CVE-2026-9774: Authenticated Directory Traversal Enables Arbitrary File Deletion in ATEN Unizon

A directory‑traversal flaw (CVE‑2026‑9774) in ATEN Unizon’s updateLicense routine lets an authenticated attacker delete arbitrary files, potentially causing service disruption. For SOC 2‑compliant organizations, the issue highlights the importance of privileged‑access controls, continuous monitoring, and documented patch management.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 zerodayinitiative.com
🟡
Severity
Medium
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
zerodayinitiative.com

CVE-2026-9774: ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability

What It Is — ATEN’s Unizon remote‑management appliance contains a directory‑traversal flaw in the updateLicense method that lets an authenticated attacker supply an arbitrary path and cause the system to delete files. The issue does not expose data but can be leveraged to disrupt services or erase critical configuration files.

Exploitability — CVSS 5.5 (Medium). Exploits require valid credentials (PR:H) and no public exploit code is known; however, the attack vector is network‑visible (AV:N) and the required user interaction is none (UI:N).

Affected Products — ATEN Unizon series (all firmware versions prior to the vendor‑issued patch).

Why It Matters for Compliance & Audit Readiness

  • Access‑control hygiene – The vulnerability is only exploitable after authentication, underscoring the need for strict privileged‑account policies, MFA, and least‑privilege segregation required by SOC 2 CC6.1.
  • Continuous monitoring – Detecting anomalous file‑deletion activity provides audit‑ready evidence that controls are operating as intended; logs must be retained and correlated with privileged‑access reviews.
  • Patch‑management evidence – Demonstrating timely remediation (patch applied, version inventory) satisfies the Change Management criteria of SOC 2 CC7.2 and reassures enterprise customers during security‑due‑diligence.

Recommended Actions

  • Deploy ATEN’s security update for Unizon immediately and verify firmware version.
  • Review and tighten privileged‑account permissions on Unizon devices; enforce MFA where possible.
  • Enable detailed audit logging for file‑system operations and integrate logs into a SIEM for real‑time alerting.
  • Conduct a post‑patch validation scan to confirm the vulnerability is mitigated.
  • Document the remediation steps in your change‑management system to provide audit evidence.

Source: Zero Day Initiative advisory ZDI‑26‑378 (CVE‑2026‑9774)

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-378/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →