VYPR

Vantage

by Lenovo

CVEs (14)

  • CVE-2024-12673HigFeb 12, 2025
    risk 0.51cvss 7.8epss 0.00

    An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V…

  • CVE-2023-6043HigJan 19, 2024
    risk 0.51cvss 7.8epss 0.00

    A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.

  • CVE-2020-8327HigApr 14, 2020
    risk 0.47cvss 7.3epss 0.00

    A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.

  • CVE-2026-0827HigApr 15, 2026
    risk 0.46cvss 7.1epss 0.00

    During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file…

  • CVE-2023-6044MedJan 19, 2024
    risk 0.41cvss 6.3epss 0.00

    A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.

  • CVE-2018-19106MedFeb 20, 2019
    risk 0.40cvss 6.1epss 0.01

    Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959.

  • CVE-2025-13154MedJan 14, 2026
    risk 0.36cvss 5.5epss 0.00

    An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.

  • CVE-2020-8316MedApr 14, 2020
    risk 0.29cvss 4.4epss 0.00

    A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.

  • CVE-2026-1717Mar 11, 2026
    risk 0.00cvss epss 0.00

    An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.

  • CVE-2026-1716Mar 11, 2026
    risk 0.00cvss epss 0.00

    An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.

  • CVE-2026-1715Mar 11, 2026
    risk 0.00cvss epss 0.00

    An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.

  • CVE-2025-6232Jul 17, 2025
    risk 0.00cvss epss 0.00

    An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.

  • CVE-2025-6231Jul 17, 2025
    risk 0.00cvss epss 0.00

    An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.

  • CVE-2025-6230Jul 17, 2025
    risk 0.00cvss epss 0.00

    A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.