Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1195


Vulnerability Score 7.5 7.5
CVE Id CVE-2012-1195
Last Modified 29 Feb 2012 12:00:00
Published 17 Feb 2012 07:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.

Vulnerable Systems


  • Landesk Lenovo Thinkmanagement Console 9.0.3


XF - thinkmanagement-serversetup-file-upload(73207)

SECTRACK - 1026693

BID - 52023

SECUNIA - 47666

OSVDB - 79276

Last Updated: 27 May 2016 10:58:18