CVE-2024-12673: 
Lenovo Vantage vulnerability analysis and mitigation

An improper privilege vulnerability (CVE-2024-12673) was discovered in a BIOS customization feature of Lenovo Vantage on SMB notebook devices. The vulnerability affects specific Lenovo devices including Lenovo V Series (Gen 5), ThinkBook 14 (Gen 6, 7), ThinkBook 16 (Gen 6, 7), and ThinkPad E Series (Gen 1). The issue was disclosed on February 12, 2025 (NVD).

The vulnerability has been assigned a CVSS v4.0 base score of 8.5 (HIGH) with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N, and a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-250 (Execution with Unnecessary Privileges) (NVD).

If exploited, this vulnerability could allow a local attacker to elevate privileges on the affected system, potentially gaining unauthorized access to sensitive system resources and functions (NVD).

Lenovo has released security advisories and patches to address this vulnerability. Users of affected devices should refer to Lenovo's security advisory for detailed mitigation instructions (Lenovo Advisory).