Lenovo Vulnerabilities

369 results
Vexday Analysis

With 369 CVEs catalogued, Lenovo's vulnerability portfolio shows an active exploitation rate below the overall average of the KEV catalog, with no confirmed records of ongoing exploitation. The most frequent flaw type is CWE-20 (improper input validation), which suggests recurring attention to data sanitization in firmware components and proprietary software. The most dangerous CVE currently identified is CVE-2022-3699, with an EPSS score of 0.0428, the highest value observed in the set, indicating a probability of exploitation that is still relatively low but sufficient to justify prioritization in corporate environments that depend on Lenovo hardware. The 13 vulnerabilities that appeared in the last 90 days and the presence of 4 critical flaws reinforce the need for regular firmware and driver update cycles.

CVE-2022-4574 | MEDIUM | EPSS 0.2% | An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated pr
CVE-2024-45101 | MEDIUM | EPSS 0.2% | A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid,
CVE-2025-9214 | MEDIUM | EPSS 0.2% | A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or mo
CVE-2022-3742 | MEDIUM | EPSS 0.2% | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevat
CVE-2022-4573 | MEDIUM | EPSS 0.2% | An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileg
CVE-2023-6044 | MEDIUM | EPSS 0.2% | A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Le
CVE-2024-33578 | HIGH | EPSS 0.2% | A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges.
CVE-2022-4568 | HIGH | EPSS 0.2% | A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
CVE-2023-4028 | MEDIUM | EPSS 0.2% | A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker w
CVE-2021-3722 | MEDIUM | EPSS 0.2% | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be w
CVE-2023-34419 | MEDIUM | EPSS 0.2% | A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local acc
CVE-2023-4029 | MEDIUM | EPSS 0.2% | A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with loc
CVE-2022-4434 | MEDIUM | EPSS 0.2% | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to
CVE-2024-33581 | HIGH | EPSS 0.2% | A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with
CVE-2024-33582 | HIGH | EPSS 0.2% | A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileg
CVE-2022-4435 | MEDIUM | EPSS 0.2% | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker
CVE-2022-4432 | MEDIUM | EPSS 0.2% | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with el
CVE-2024-33579 | HIGH | EPSS 0.2% | A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges.
CVE-2022-4433 | MEDIUM | EPSS 0.2% | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with el
CVE-2024-33580 | HIGH | EPSS 0.2% | A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.