PT-2025-6526 · Lenovo · Lenovo Vantage
Published: 2025-02-11 · Updated: 2025-02-12 · CVE-2024-12673
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Lenovo Vantage versions on Lenovo V Series (Gen 5)
Lenovo Vantage versions on ThinkBook 14 (Gen 6, 7)
Lenovo Vantage versions on ThinkBook 16 (Gen 6, 7)
Lenovo Vantage versions on ThinkPad E Series (Gen 1)
Description
An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices, which could allow a local attacker to elevate privileges on the system.
Recommendations
For Lenovo V Series (Gen 5), consider disabling the BIOS customization feature in Lenovo Vantage until a patch is available.
For ThinkBook 14 (Gen 6, 7), restrict access to the BIOS customization feature in Lenovo Vantage to minimize the risk of exploitation.
For ThinkBook 16 (Gen 6, 7), avoid using the BIOS customization feature in Lenovo Vantage until the issue is resolved.
For ThinkPad E Series (Gen 1), as a temporary workaround, consider disabling the Lenovo Vantage application until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Lenovo Vantage