Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:C02C9B8856B6A74DAFE70AC9F4DC82F9
HistoryApr 27, 2012 - 12:00 a.m.

LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal

2012-04-2700:00:00
SAINT Corporation
www.saintcorporation.com
22

EPSS

0.152

Percentile

95.9%

JSON

Added: 04/27/2012
CVE: CVE-2012-1195
BID: 52023
OSVDB: 79276

Background

LANDesk Lenovo ThinkManagement Console provides hardware discovery, comprehensive inventory, and reporting for Lenovo systems.

Problem

LANDesk Lenovo ThinkManagement Console runs a web application under the Microsoft IIS web server. This web application exposes some web services that do not require authentication. In versions up to 9.0.3, the ‘ServerSetup.asmx’ web service, which is accessible without authentication, is vulnerable to a file upload vulnerability. This can be exploited by an attacker to upload a malicious server-side script to the server, then request it via the web interface, causing its contents to be executed on the server. This allows the attacker control execution on the server.

Resolution

No updates are available at this time. Limit network access to the LANDesk Lenovo ThinkManagement Console to hosts to administrators only.

References

<http://secunia.com/advisories/47666&gt;
<http://retrogod.altervista.org/9sg_landesk_adv.htm&gt;
<http://community.landesk.com/support/docs/DOC-24787&gt;

Limitations

This exploit has been tested against LANDesk Lenovo ThinkManagement Suite 9.0.2 on Windows Server 2003 SP2 English (DEP OptOut). After successful exploitation, a file will be uploaded to /upl/exploit.asp on the server. When executed, a randomly named .EXE file will be created in the filesystem root. Both files should be manually removed after exploitation.

Platforms

Windows

Related

nessus 1
saint 3
exploitdb 2
cvelist 1
prion 1
nvd 1
d2 1
checkpoint_advisories 1
packetstorm 2
cve 1
dsquare 1
metasploit 1
zdt 1
seebug 1
nessus
nessus
Lenovo ThinkManagement Console RunAMTCommand Operation -PutUpdateFileCore Command Parsing Arbitrary File Upload
2012-04-10 00:00:00
saint
saint
LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal
2012-04-27 00:00:00
LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal
2012-04-27 00:00:00
LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal
2012-04-27 00:00:00
exploitdb
exploitdb
LANDesk Lenovo ThinkManagement Suite 9.0.3 - Core Server Remote Code Execution
2012-03-19 00:00:00
LANDesk Lenovo ThinkManagement Console - Remote Command Execution (Metasploit)
2012-04-08 00:00:00
cvelist
cvelist
CVE-2012-1195
2012-02-18 00:00:00
prion
prion
Unrestricted file upload
2012-02-18 00:55:00
nvd
nvd
CVE-2012-1195
2012-02-18 00:55:02
d2
d2
DSquare Exploit Pack: D2SEC_THINKMNGT
2012-02-18 00:55:00
checkpoint_advisories
checkpoint_advisories
LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal (CVE-2012-1195)
2012-06-11 00:00:00
packetstorm
packetstorm
LANDesk Lenovo ThinkManagement Suite 9.0.3 Code Execution
2012-03-19 00:00:00
LANDesk Lenovo ThinkManagement Console Remote Command Execution
2012-04-10 00:00:00
cve
cve
CVE-2012-1195
2012-02-18 00:55:02
dsquare
dsquare
Lenovo ThinkManagement Console 9.0.3 File Upload
2012-03-30 00:00:00
metasploit
metasploit
LANDesk Lenovo ThinkManagement Console Remote Command Execution
2012-04-07 17:04:17
zdt
zdt
LANDesk Lenovo ThinkManagement Console Remote Command Execution
2012-04-08 00:00:00
seebug
seebug
LANDesk Lenovo ThinkManagement Console Remote Command Execution
2012-04-12 00:00:00

EPSS

0.152

Percentile

95.9%

JSON
Related for SAINT:C02C9B8856B6A74DAFE70AC9F4DC82F9
nessus1saint3exploitdb2cvelist1prion1nvd1d21checkpoint_advisories1packetstorm2cve1dsquare1metasploit1zdt1seebug1