Vulnerabilities > CVE-2021-32015 - Missing Authorization vulnerability in Nuvoton Npct75X Firmware 7.4.0.0

047910
CVSS 3.6 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
nuvoton
CWE-862

Summary

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update.

Vulnerable Configurations

Part Description Count
OS
Nuvoton
1
Hardware
Nuvoton
1

Common Weakness Enumeration (CWE)