Vulnerabilities in Lenovo

369 results
Vexday analysis

With 369 CVEs catalogued, Lenovo's vulnerability portfolio shows an active-exploitation rate below the overall average of the KEV catalogue, with no confirmed records of exploitation in progress. The most frequent flaw type is CWE-20 (improper input validation), which suggests recurring attention to data sanitization in firmware components and proprietary software. The most dangerous CVE currently identified is CVE-2022-3699, with an EPSS score of 0.0428, the highest value observed in the set, indicating a probability of exploitation that is still relatively low but sufficient to justify prioritization in corporate environments that depend on Lenovo hardware. The 13 vulnerabilities that appeared in the last 90 days and the presence of 4 critical flaws reinforce the need for regular firmware and driver update cycles.

CVE-2023-43570 (MEDIUM, EPSS 0.2%): A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated perm
CVE-2023-43581 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privil
CVE-2023-43575 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevate
CVE-2023-43580 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated priv
CVE-2023-43567 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elev
CVE-2023-5075 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated
CVE-2023-43571 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevat
CVE-2023-43578 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileg
CVE-2023-43577 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privilege
CVE-2023-43569 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges
CVE-2023-43579 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privile
CVE-2023-43573 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker
CVE-2023-43576 (MEDIUM, EPSS 0.2%): A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileg
CVE-2022-40137 (MEDIUM, EPSS 0.2%): A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute ar
CVE-2021-3786 (MEDIUM, EPSS 0.2%): A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used
CVE-2021-42849 (MEDIUM, EPSS 0.2%): A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device
CVE-2025-12048 (HIGH, EPSS 0.2%): An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow
CVE-2020-8332 (MEDIUM, EPSS 0.2%): A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x serve
CVE-2020-8342 (HIGH, EPSS 0.2%): A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
CVE-2023-45077 (MEDIUM, EPSS 0.2%): A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to