This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a security-bypass vulnerability in Lenovo ThinkManagement Console.
Lenovo ThinkManagement Console is software to provide centralized inventory and reporting for Lenovo systems.
Lenovo ThinkManagement Console is prone to multiple security-bypass vulnerabilities:
1. A security-bypass vulnerability due to an error in ServerSetup web service '/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx' allowing unauthenticated access to SOAP-based operations. An attacker can exploit this issue to upload an arbitrary file to the web root through the 'PutUpdateFileCore' command in a 'RunAMTCommand' operation.
2. A security-bypass vulnerability due to an input validation error in the VulCore web service '/WSVulnerabilityCore/VulCore.asmx' when processing certain SOAP-based operations. An attacker can exploit this issue to delete an arbitrary file through directory traversal sequences passed in the 'filename' parameter to the 'SetTaskLogByFile' operation.
Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions.
Lenovo ThinkManagement Console 9.0.3 is vulnerable; other versions may also be affected.
- Lenovo ThinkManagement Console 9.0.3 is vulnerable; other versions may also be affected.