What is CVE-2012-1196?

CVE-2012-1196 is a vulnerability in Landesk Lenovo_thinkmanagement_console, classified under Path Traversal. Published 2012-02-18.

Is CVE-2012-1196 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Landesk Lenovo_thinkmanagement_console

CVE-2012-1196

Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a Set…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.774 (99.0th percentile) — read the EPSS interpretation.

Affected products

Landesk Lenovo_thinkmanagement_console — versions 9.0.3
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

rapid7/metasploit-framework

References

1026693 (vdb-entry, x_refsource_SECTRACK)
52023 (vdb-entry, x_refsource_BID)
thinkmanagement-vulcore-dir-traversal(73208) (vdb-entry, x_refsource_XF)
79277 (x_refsource_OSVDB, vdb-entry)
47666 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2012-1196?: CVE-2012-1196 is a vulnerability in Landesk Lenovo_thinkmanagement_console, classified under Path Traversal. Published 2012-02-18.
Is CVE-2012-1196 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.