CVE-2021-32015
MEDIUMNuvoton NPCT75x TPM 1.2 Firmware 7.4.0.0 - Authenticated Unauthorized Access to Non-Volatile Memory
Title source: llmDescription
In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.nuvoton.com/support/product-related-information/security-advisories/sa-001/
Scores
CVSS v3
6.0
EPSS
0.0022
EPSS Percentile
12.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-862
Status
published
Products (1)
nuvoton/npct75x_firmware
7.4.0.0
Published
Jun 08, 2021
Tracked Since
Feb 18, 2026