6

CVE-2021-32015

EPSS 0.05%
Veröffentlicht 08.06.2021 17:15:07
Zuletzt bearbeitet 21.11.2024 06:06:43
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nuvoton ≫ Npct75x Firmware Version7.4.0.0

Nuvoton ≫ Npct75x Version1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.138

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:P/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.nuvoton.com/support/product-related-information/security-advisories/sa-001/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-32015

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-32015

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-32015

EUVD