CVE-2021-32015

MEDIUM

Nuvoton NPCT75x TPM 1.2 Firmware 7.4.0.0 - Authenticated Unauthorized Access to Non-Volatile Memory

Title source: llm
STIX 2.1

Description

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update.

References (1)

Core 1

Scores

CVSS v3 6.0
EPSS 0.0022
EPSS Percentile 12.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-862
Status published
Products (1)
nuvoton/npct75x_firmware 7.4.0.0
Published Jun 08, 2021
Tracked Since Feb 18, 2026