GHSA-3hxq-f9p6-ww56

Опубликовано: 12 фев. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.5

CVSS3: 7.8

Описание

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system.

This vulnerability only affects Vantage installed on these devices:

Lenovo V Series (Gen 5)
ThinkBook 14 (Gen 6, 7)
ThinkBook 16 (Gen 6, 7)
ThinkPad E Series (Gen 1)

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system.

This vulnerability only affects Vantage installed on these devices:

Lenovo V Series (Gen 5)
ThinkBook 14 (Gen 6, 7)
ThinkBook 16 (Gen 6, 7)
ThinkPad E Series (Gen 1)

Ссылки

EPSS

Процентиль: 8%

0.00029

Низкий

8.5 High

CVSS4

7.8 High

CVSS3

CVE ID

CVE-2024-12673

Дефекты

CWE-250

Связанные уязвимости

CVE-2024-12673

CVSS3: 7.8

nvd

12 месяцев назад

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1)

BDU:2025-11586

CVSS3: 7.8

fstec

12 месяцев назад

Уязвимость программного обеспечения Lenovo Vantage, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 8%

0.00029

Низкий

8.5 High

CVSS4

7.8 High

CVSS3

CVE ID

CVE-2024-12673

Дефекты

CWE-250