CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12673
https://notcve.org/view.php?id=CVE-2024-12673
12 Feb 2025 — An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1) • https://support.lenovo.com/us/en/product_security/LEN-183176 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6044
https://notcve.org/view.php?id=CVE-2023-6044
19 Jan 2024 — A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. Se informó una vulnerabilidad de escalada de privilegios en Lenovo Vantage que podría permitir que un atacante local con acceso físico se haga pasar por Lenovo Vantage Service y ejecute código arbitrario con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-144736 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6043
https://notcve.org/view.php?id=CVE-2023-6043
19 Jan 2024 — A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. Se informó de una vulnerabilidad de escalada de privilegios en Lenovo Vantage que podría permitir a un atacante local eludir las comprobaciones de integridad y ejecutar código arbitrario con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-144736 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8327
https://notcve.org/view.php?id=CVE-2020-8327
14 Apr 2020 — A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges. Se reportó una vulnerabilidad de escalada de privilegios en LenovoBatteryGaugePackage para Lenovo System Interface Foundation incorporado en Lenovo Vantage versión 10.2003.10.0, que podría permitir a un usuario autenticado ejecutar código con privilegios el... • https://support.lenovo.com/us/en/product_security/LEN-30401 • CWE-269: Improper Privilege Management CWE-428: Unquoted Search Path or Element •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8316
https://notcve.org/view.php?id=CVE-2020-8316
14 Apr 2020 — A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. Se reportó una vulnerabilidad en Lenovo Vantage versiones anteriores a 10.2003.10.0, que podría permitir a un usuario autenticado leer archivos en el sistema con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-30401 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •