The Lenovo ThinkManagement Console contains a flaw related to the ServerSetup web service. The issue is due to the service allowing unauthenticated access to various SOAP-based operations. By issuing a '-PutUpdateFileCore' command in a 'RunAMTCommand' operation, a remote attacker can upload arbitrary files.
Remote / Network Access
Loss of Integrity
Patch / RCS
Currently, there are no known workarounds or upgrades to correct this issue. However, it has been reported that the vendor has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section. It has not been confirmed that the patch addresses the problem, because the vendor advisory was submitted via an anonymous comment and requires authentication.
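While the fix remains unconfirmed, one defensive check is to triage captured request bodies sent to the ServerSetup web service for the operation and command named above. The following is an added example, not code from the vendor or the original advisory; the child element name, the `urn:example` namespace, the second command name and the source addresses are assumptions, and the sample capture is constructed.

```python
import xml.etree.ElementTree as ET

OPERATION = "RunAMTCommand"      # SOAP operation named in the advisory
COMMAND = "-putupdatefilecore"   # command named in the advisory, lowercased

def classify(body):
    """Return 'upload', 'operation', 'unparseable' or 'clean' for one SOAP body."""
    # Refuse DTDs rather than parse them: SOAP does not use them, and entity
    # expansion in a hostile body can exhaust the analysis host.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return "unparseable"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "unparseable"
    verdict = "clean"
    for elem in root.iter():
        # ElementTree tags look like '{namespace}Name'; compare the local name only.
        if elem.tag.rsplit("}", 1)[-1] != OPERATION:
            continue
        if COMMAND in " ".join(elem.itertext()).lower():
            return "upload"
        verdict = "operation"
    return verdict

def triage(records):
    """Return (source, verdict) for every captured request that is not clean."""
    verdicts = ((source, classify(body)) for source, body in records)
    return [(source, verdict) for source, verdict in verdicts if verdict != "clean"]

# Constructed sample capture. Element names below RunAMTCommand, the namespace,
# the second command name and the addresses are all assumptions.
ENV = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
       '<s:Body>{}</s:Body></s:Envelope>')
SAMPLE = [
    ("192.0.2.10", ENV.format('<RunAMTCommand xmlns="urn:example"><Command>'
                              '-PutUpdateFileCore</Command></RunAMTCommand>')),
    ("192.0.2.11", ENV.format('<RunAMTCommand xmlns="urn:example"><Command>'
                              '-ExampleOther</Command></RunAMTCommand>')),
    ("192.0.2.12", ENV.format('<GetVersion xmlns="urn:example"/>')),
    ("192.0.2.13", "<s:Envelope><s:Body>"),
]

if __name__ == "__main__":
    for source, verdict in triage(SAMPLE):
        print(source, verdict)
```

An `upload` verdict from a source that never authenticated is the case the advisory describes; `operation` and `unparseable` results are worth reviewing because the service exposes its other SOAP operations without authentication as well.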