LANDesk Lenovo ThinkManagement Console Remote Command Execution Exploit

This module exploits a file upload vulnerability in the LANDesk Lenovo ThinkManagement Console. Unrestricted file upload in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2012-1195
Product Version: 
12.3
Released Date: 
Thursday, May 24, 2012 - 00:00