Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1195

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-1195
Last Modified 29 Feb 2012 12:00:00
Published 17 Feb 2012 07:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1195

Summary

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.

Vulnerable Systems

Application

  • Landesk Lenovo Thinkmanagement Console 9.0.3


References

XF - thinkmanagement-serversetup-file-upload(73207)

SECTRACK - 1026693

BID - 52023

SECUNIA - 47666

OSVDB - 79276


Last Updated: 27 May 2016 10:58:18