Vantage
by Lenovo
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12673 | | High | 0.51 | 7.8 | 0.00 | | Feb 12, 2025 | An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V… |
| CVE-2023-6043 | | High | 0.51 | 7.8 | 0.00 | | Jan 19, 2024 | A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. |
| CVE-2020-8327 | | High | 0.47 | 7.3 | 0.00 | | Apr 14, 2020 | A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges. |
| CVE-2026-0827 | | High | 0.46 | 7.1 | 0.00 | | Apr 15, 2026 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file… |
| CVE-2023-6044 | | Med | 0.41 | 6.3 | 0.00 | | Jan 19, 2024 | A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. |
| CVE-2018-19106 | | Med | 0.40 | 6.1 | 0.01 | | Feb 20, 2019 | Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959. |
| CVE-2025-13154 | | Med | 0.36 | 5.5 | 0.00 | | Jan 14, 2026 | An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges. |
| CVE-2020-8316 | | Med | 0.29 | 4.4 | 0.00 | | Apr 14, 2020 | A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. |
| CVE-2026-1717 | | | 0.00 | — | 0.00 | | Mar 11, 2026 | An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges. |
| CVE-2026-1716 | | | 0.00 | — | 0.00 | | Mar 11, 2026 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges. |
| CVE-2026-1715 | | | 0.00 | — | 0.00 | | Mar 11, 2026 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges. |
| CVE-2025-6232 | | | 0.00 | — | 0.00 | | Jul 17, 2025 | An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations. |
| CVE-2025-6231 | | | 0.00 | — | 0.00 | | Jul 17, 2025 | An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file. |
| CVE-2025-6230 | | | 0.00 | — | 0.00 | | Jul 17, 2025 | A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. |