CVSS: 3.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25082
https://notcve.org/view.php?id=CVE-2020-25082
10 Aug 2021 — An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy. Un atacante con acceso físico a Nuvoton Trusted Platform Module (NPCT75x versiones 7.2.x anteriores a 7.2.2.0) podría extraer una clave privada de Elliptic Curve Cryptography (ECC) por medio de un ataque de canal lateral contra ECDSA, debido a una Discrepancia de ... • https://www.nuvoton.com/support/product-related-information/security-advisories/sa-002 • CWE-203: Observable Discrepancy •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32015
https://notcve.org/view.php?id=CVE-2021-32015
08 Jun 2021 — In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update. En Nuvoton NPCT75x TPM versión 1.2 versión de firmware 7.4.0.0, un usuario local malicioso y autenticado muy privi... • https://www.nuvoton.com/support/product-related-information/security-advisories/sa-001 • CWE-862: Missing Authorization •