CVE-2023-6044 MEDIUM

CVE-2023-6044

Vendor Lenovo
Product Vantage
Weakness CWE-290
Published January 19, 2024
Last update May 30, 2025

CVSS base score

6.3/10
Attack vector Physical
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.

Key dates

02Disclosure timeline

January 19, 2024 CVE published
May 30, 2025 Record updated