Lenovo Vulnerabilities

369 results
Vexday Analysis

With 369 CVEs catalogued, Lenovo's vulnerability portfolio shows an active exploitation rate below the overall average of the KEV catalog, with no confirmed records of ongoing exploitation. The most frequent flaw type is CWE-20 (improper input validation), which suggests recurring attention to data sanitization in firmware components and proprietary software. The most dangerous CVE currently identified is CVE-2022-3699, with an EPSS score of 0.0428 (the highest value observed in the set), indicating a probability of exploitation that is still relatively low but sufficient to justify prioritization in corporate environments that depend on Lenovo hardware. The 13 vulnerabilities that emerged in the last 90 days and the presence of 4 critical flaws reinforce the need for regular firmware and driver update cycles.

CVE-2022-3746 | MEDIUM | EPSS 0.2% | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevat
CVE-2023-1577 | HIGH | EPSS 0.2% | A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute
CVE-2022-3744 | MEDIUM | EPSS 0.2% | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevat
CVE-2024-45105 | MEDIUM | EPSS 0.2% | An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that cou
CVE-2025-12047 | MEDIUM | EPSS 0.2% | A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances,
CVE-2023-25496 | HIGH | EPSS 0.2% | A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execut
CVE-2025-4657 | HIGH | EPSS 0.2% | A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Len
CVE-2024-2175 | HIGH | EPSS 0.2% | An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM)
CVE-2023-5081 | LOW | EPSS 0.2% | An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable
CVE-2024-4763 | HIGH | EPSS 0.2% | An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) th
CVE-2024-23591 | LOW | EPSS 0.2% | ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an at
CVE-2022-4816 | MEDIUM | EPSS 0.2% | A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application.
CVE-2023-6450 | MEDIUM | EPSS 0.2% | An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, result
CVE-2023-2290 | MEDIUM | EPSS 0.2% | A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to e
CVE-2025-6249 | HIGH | EPSS 0.2% | An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions
CVE-2025-9201 | HIGH | EPSS 0.2% | A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local use
CVE-2025-2501 | HIGH | EPSS 0.2% | An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
CVE-2023-5080 | MEDIUM | EPSS 0.2% | A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identi
CVE-2025-6230 | MEDIUM | EPSS 0.2% | A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execu
CVE-2017-3772 | MEDIUM | EPSS 0.1% | A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.