An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
Credits
Lenovo thanks Alex Lee Tsz Hin @PwCHK and Manuel Kiesel (cyllective AG) / John Ostrowski (Compass Security) for reporting this issue.
