Lucene search

MitreCVELIST:CVE-2020-25082

HistoryAug 10, 2021 - 3:28 p.m.

CVE-2020-25082

2021-08-1015:28:05

mitre

www.cve.org

nuvoton tpm 7.2.x vulnerability

ecc private key extraction

side-channel attack

observable timing discrepancy

CVSS3

3.8

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.

References

www.nuvoton.com/support/product-related-information/security-advisories/sa-002/

CVSS3

3.8

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2020-25082