Physical Access Vulnerability in Nuvoton Trusted Platform Module
CVE-2020-25082

3.8LOW

Key Information:

Vendor: Nuvoton
Status: Npct75x Firmware
Vendor: CVE Published:; 10 August 2021

What is CVE-2020-25082?

An attacker with physical access to the Nuvoton Trusted Platform Module NPCT75x versions prior to 7.2.2.0 may exploit an observable timing discrepancy to extract an Elliptic Curve Cryptography (ECC) private key through a side-channel attack against ECDSA. This vulnerability emphasizes the importance of securing physical access to critical hardware components.

References

https://www.nuvoton.com/support/product-related-informati...

x_refsource_MISC

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2021
Vulnerability Reserved
Sep 2, 2020

CVE-2020-25082 Data

JSON