CVE-2012-1195

Published: 18/02/2012 Updated: 29/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.

Vulnerable Product	Search on Vulmon	Subscribe to Product
landesk lenovo thinkmanagement console 9.0.3

LANDesk Lenovo ThinkManagement Suite 903 Core Server AMTConfigBusinessdll RunAMTCommand Remote Code Execution Vulnerability Tested against: Microsoft Windows Server 2003 r2 sp2 Software home page: wwwlandeskcom/lenovo/thinkmanagement-consoleaspx Download url: wwwlandeskcom/downloads/lenovo/50aspx Files tested: ThinkMan ...

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit ...

CWE-264 http://www.securitytracker.com/id?1026693 http://osvdb.org/79276 http://secunia.com/advisories/47666 http://www.securityfocus.com/bid/52023 https://exchange.xforce.ibmcloud.com/vulnerabilities/73207 https://nvd.nist.gov https://www.exploit-db.com/exploits/18622/

CVE-2012-1195

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect