📦

lenovo_thinkmanagement_console

Vendor: landesk

Actively Exploited 0 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 1 Remote Access

Total CVEs 4 Total Indexed

Avg. EPSS 81.97% Exploit Prob.

Latest CVE CVE-2012-1196 Feb 18

Security Vulnerability Index

Page 1 / 1

5.0 CVSS

CVE-2012-1196

Exploit Found

Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.

EPSS: 77.39%

Severity: MEDIUM

Feb 18, 2012

7.5 CVSS

CVE-2012-1195

RCE Exploit Found

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.

EPSS: 86.54%

Severity: HIGH

Feb 18, 2012

Displaying 2 of 4 Total Entries

Total 1 Sections