Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Lenovo ThinkManagement Console无限制文件上传漏洞
Vulnerability Description
Lenovo ThinkManagement Console 9.0.3版本的ServerSetup网络服务中的andesk/managementsuite/core/core.anonymous/ServerSetup.asmx中存在无限制文件上传漏洞。远程攻击者可利用该漏洞借助RunAMTCommand SOAP请求中的PutUpdateFileCore命令,通过上传带有可执行扩展名的文件执行任意代码,然后借助网站根目录的直接请求,访问文件。
CVSS Information
N/A
Vulnerability Type
N/A