Vulnerabilidades en Lenovo
369 resultadosAnálisis Vexday
Com 369 CVEs catalogadas, o portfólio de vulnerabilidades da Lenovo apresenta taxa de exploração ativa abaixo da média geral do catálogo KEV, sem registros confirmados de exploração em curso. O tipo de falha mais frequente é CWE-20 (validação inadequada de entrada), o que sugere atenção recorrente à sanitização de dados em componentes de firmware e software proprietário. A CVE mais perigosa identificada atualmente é CVE-2022-3699, com score EPSS de 0,0428 — o maior valor observado no conjunto —, indicando probabilidade de exploração ainda relativamente baixa, mas suficiente para justificar priorização em ambientes corporativos que dependem de hardware Lenovo. As 13 vulnerabilidades surgidas nos últimos 90 dias e a presença de 4 falhas críticas reforçam a necessidade de ciclos regulares de atualização de firmware e drivers.
CVE-2021-3462MEDIUMA privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthoEPSS 0.2%CVE-2023-3112HIGHA vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to eEPSS 0.2%CVE-2025-4371HIGHA potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical acceEPSS 0.2%CVE-2026-0827MEDIUMDuring an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in LenEPSS 0.2%CVE-2025-10495HIGHA potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applicationEPSS 0.2%CVE-2022-1110MEDIUMA buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of serEPSS 0.2%CVE-2022-40136MEDIUMAn information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker wiEPSS 0.2%CVE-2022-40135MEDIUMAn information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and EPSS 0.2%CVE-2021-3451MEDIUMA denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to bEPSS 0.2%CVE-2023-4706HIGH
A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user accoEPSS 0.2%CVE-2026-4145HIGHDuring an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticatEPSS 0.2%CVE-2022-40134MEDIUMAn information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access andEPSS 0.2%CVE-2022-48189MEDIUMAn SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privEPSS 0.2%CVE-2024-8059MEDIUMIPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.EPSS 0.2%CVE-2022-4569HIGHA local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with loEPSS 0.2%CVE-2024-45102MEDIUMA privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a coEPSS 0.2%CVE-2022-48181MEDIUMAn ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access tEPSS 0.2%CVE-2022-48188MEDIUMA buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker withEPSS 0.2%CVE-2021-3721MEDIUMA denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local accEPSS 0.2%CVE-2022-0636MEDIUMA denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.EPSS 0.2%