Authenticated Directory Traversal in ATEN Unizon (CVE‑2026‑9775) Enables Arbitrary File Deletion
What It Is – ATEN disclosed CVE‑2026‑9775, a directory‑traversal flaw in the uploadSSL method of its Unizon video‑distribution platform. An authenticated remote attacker can supply a crafted path, bypass validation, and cause the system to delete arbitrary files.
Exploitability – The vulnerability requires valid credentials (PR:H) and a network‑reachable host (AV:N). No public exploit code is known, but the low attack complexity (AC:L) and high impact on availability (A:H) give attackers a practical path once they obtain access. CVSS 5.5 (moderate).
Affected Products – ATEN Unizon (all firmware versions prior to the vendor‑released patch).
Why It Matters for Compliance & Audit Readiness
- Control Mapping – The flaw maps directly to SOC 2 CC6.1 (System Operations) and CC7.1 (Change Management). Demonstrating that you have identified, documented, and remediated such gaps is essential audit evidence.
- Continuous Evidence – Ongoing monitoring of firmware versions and file‑system integrity provides a defensible trail that auditors expect for “in‑process” controls.
- Vendor‑Device Assurance – Enterprise buyers increasingly demand proof that third‑party hardware is patched and that remediation steps are recorded in a trusted audit repository.
Recommended Actions
- Apply ATEN’s security update immediately and verify the firmware version on all Unizon devices.
- Conduct a post‑patch integrity check of critical system directories; log findings in your change‑management system.
- Map the vulnerability to the relevant SOC 2 controls (CC6.1, CC7.1) and capture remediation evidence in a centralized compliance repository.
- Integrate continuous monitoring of device patch levels into your configuration‑management database (CMDB) to surface future gaps automatically.