CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38433 – Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
https://notcve.org/view.php?id=CVE-2024-38433
11 Jul 2024 — Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution. Nuvoton - CWE-305: Omisión de autenticación por debilidad primaria Un atacante con acceso de escritura a SPI-Flash en un subsistema BMC NPCM7xx que utiliza el código de referencia Nuvoton BootBlock puede modificar e... • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 3.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25082
https://notcve.org/view.php?id=CVE-2020-25082
10 Aug 2021 — An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy. Un atacante con acceso físico a Nuvoton Trusted Platform Module (NPCT75x versiones 7.2.x anteriores a 7.2.2.0) podría extraer una clave privada de Elliptic Curve Cryptography (ECC) por medio de un ataque de canal lateral contra ECDSA, debido a una Discrepancia de ... • https://www.nuvoton.com/support/product-related-information/security-advisories/sa-002 • CWE-203: Observable Discrepancy •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32015
https://notcve.org/view.php?id=CVE-2021-32015
08 Jun 2021 — In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update. En Nuvoton NPCT75x TPM versión 1.2 versión de firmware 7.4.0.0, un usuario local malicioso y autenticado muy privi... • https://www.nuvoton.com/support/product-related-information/security-advisories/sa-001 • CWE-862: Missing Authorization •