Description
An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1)
References (1)
Core 1
Core References
Various Sources
https://support.lenovo.com/us/en/product_security/LEN-183176
Scores
CVSS v3
7.8
EPSS
0.0017
EPSS Percentile
6.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-250
Status
published
Products (1)
Lenovo/Vantage
< 10.2501.15.0
Published
Feb 12, 2025
Tracked Since
Feb 18, 2026