Vulnerabilities > CVE-2020-25082 - Information Exposure Through Discrepancy vulnerability in Nuvoton Npct75X Firmware

CVSS 1.9 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

nuvoton

CWE-203

NVD

Published: 2021-08-10

Updated: 2021-08-17

Summary

An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.

Vulnerable Configurations

Part	Description	Count
OS	Nuvoton Nuvoton Npct75X Firmware *	1
Hardware	Nuvoton Nuvoton Npct75X -	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://www.nuvoton.com/support/product-related-information/security-advisories/sa-002/