CVE-2024-12673Execution with Unnecessary Privileges in Lenovo Vantage

CWE-250Execution with Unnecessary Privileges3 documents3 sources
Severity
8.5HIGHNVD
EPSS
0.1%
top 77.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Lenovo Vantage
Timeline
PublishedFeb 12

Description

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1)

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5lenovo/vantage< 10.2501.15.0

🔴Vulnerability Details

2
CVEList
CVE-2024-12673: An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local a2025-02-12
GHSA
GHSA-3hxq-f9p6-ww56: An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local a2025-02-12
CVE-2024-12673 — Execution with Unnecessary Privileges | cvebase