Privilege Escalation in Lenovo Vantage Affects User Security
CVE-2023-6043

7.8HIGH

Key Information:

Vendor: Lenovo
Status: Vantage
Vendor: CVE Published:; 19 January 2024

Summary

A vulnerability in Lenovo Vantage has been identified, allowing local attackers to potentially escalate their privileges by bypassing crucial integrity checks. This flaw could lead to the execution of arbitrary code, presenting a significant risk to the security of affected systems. Users maintaining Lenovo Vantage are advised to monitor for updates and take precautionary measures to safeguard their environments. For detailed information, refer to the official Lenovo security advisory.

Affected Version(s)

Vantage < 4.0.49.0

References

https://support.lenovo.com/us/en/product_security/LEN-144736

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2024
Vulnerability Reserved
Nov 8, 2023

Credit

Lenovo thanks Steffen Langenfeld for reporting these issues.