1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Lenovo LANDesk ThinkManagement CVE-2012-1195

Attack: Lenovo LANDesk ThinkManagement CVE-2012-1195

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a security-bypass vulnerability in Lenovo ThinkManagement Console.

Additional Information

Lenovo ThinkManagement Console is software to provide centralized inventory and reporting for Lenovo systems.

Lenovo ThinkManagement Console is prone to multiple security-bypass vulnerabilities:

1. A security-bypass vulnerability due to an error in ServerSetup web service '/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx' allowing unauthenticated access to SOAP-based operations. An attacker can exploit this issue to upload an arbitrary file to the web root through the 'PutUpdateFileCore' command in a 'RunAMTCommand' operation.

2. A security-bypass vulnerability due to an input validation error in the VulCore web service '/WSVulnerabilityCore/VulCore.asmx' when processing certain SOAP-based operations. An attacker can exploit this issue to delete an arbitrary file through directory traversal sequences passed in the 'filename' parameter to the 'SetTaskLogByFile' operation.

Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions.

Lenovo ThinkManagement Console 9.0.3 is vulnerable; other versions may also be affected.

Affected

  • Lenovo ThinkManagement Console 9.0.3 is vulnerable; other versions may also be affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube