PT-2021-19627 · Nuvoton · Nuvoton Npct75X

Published

2021-06-08

Updated

2021-06-21

CVE-2021-32015

CVSS v3.1

6.0

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Nuvoton NPCT75x TPM 1.2 firmware version 7.4.0.0

Description: A local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory.

Recommendations: For Nuvoton NPCT75x TPM 1.2 firmware version 7.4.0.0, upgrade to firmware version 7.4.0.1 to mitigate the issue, noting that version 7.4.0.1 is not TCG or Common Criteria (CC) certified.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2021-32015

Affected Products

Nuvoton Npct75X

PT-2021-19627 · Nuvoton · Nuvoton Npct75X

CVE-2021-32015

Weakness Enumeration

Related Identifiers

Affected Products

References · 3