Improper Privilege Vulnerability in Lenovo Vantage on SMB Notebooks
CVE-2024-12673

8.5HIGH

Key Information:

Vendor: Lenovo
Status: Vantage
Vendor: CVE Published:; 12 February 2025

What is CVE-2024-12673?

An improper privilege vulnerability exists in the BIOS customization feature of Lenovo Vantage designed for SMB notebook devices, enabling a local attacker to enhance their privileges on the system. This issue compromises security on affected Lenovo devices, including specific models from the V Series, ThinkBook, and ThinkPad E Series, potentially allowing unauthorized users to execute sensitive actions that should be restricted.

Affected Version(s)

Vantage 0 < 10.2501.15.0

References

https://support.lenovo.com/us/en/product_security/LEN-183176

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Dec 16, 2024

Credit

Lenovo thanks xmcp for reporting this issue.