Vulnerabilities in Lenovo

369 results
Vexday analysis

With 369 catalogued CVEs, Lenovo's vulnerability portfolio shows an active exploitation rate below the overall average of the KEV catalog, with no confirmed records of ongoing exploitation. The most frequent flaw type is CWE-20 (improper input validation), which suggests recurring attention to data sanitization in firmware components and proprietary software. The most dangerous CVE currently identified is CVE-2022-3699, with an EPSS score of 0.0428, the highest value observed in the set, indicating a probability of exploitation that is still relatively low but sufficient to justify prioritization in corporate environments that depend on Lenovo hardware. The 13 vulnerabilities that emerged in the last 90 days and the presence of 4 critical flaws reinforce the need for regular firmware and driver update cycles.

CVE-2021-3599 | MEDIUM | A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local | EPSS 0.3%
CVE-2019-6196 | MEDIUM | A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during | EPSS 0.3%
CVE-2021-3452 | MEDIUM | A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and e | EPSS 0.3%
CVE-2020-8320 | MEDIUM | An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. | EPSS 0.3%
CVE-2024-7756 | MEDIUM | A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges b | EPSS 0.3%
CVE-2021-3843 | MEDIUM | A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated | EPSS 0.3%
CVE-2022-34887 | MEDIUM | Standard users can directly operate and set printer configuration information, such as IP, in some Lenovo Printers without having to authen | EPSS 0.3%
CVE-2024-6004 | MEDIUM | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to d | EPSS 0.3%
CVE-2024-5210 | MEDIUM | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to p | EPSS 0.3%
CVE-2024-5209 | MEDIUM | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to d | EPSS 0.3%
CVE-2020-8316 | MEDIUM | A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the sys | EPSS 0.3%
CVE-2021-3464 | HIGH | A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation. | EPSS 0.3%
CVE-2022-48186 | MEDIUM | A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | EPSS 0.3%
CVE-2022-3430 | MEDIUM | A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to | EPSS 0.3%
CVE-2022-3728 | MEDIUM | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under | EPSS 0.3%
CVE-2022-48183 | MEDIUM | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under | EPSS 0.3%
CVE-2022-48182 | MEDIUM | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under | EPSS 0.3%
CVE-2022-1107 | MEDIUM | During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovere | EPSS 0.3%
CVE-2021-3633 | HIGH | A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation | EPSS 0.3%
CVE-2024-23592 | MEDIUM | An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with p | EPSS 0.3%