CVE-2020-25082 LOW

CVE-2020-25082

Vendor N/A
Product n/a
Published August 10, 2021
Last update August 4, 2024

CVSS base score

3.8/10
Attack vector Physical
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AC:H/AV:P/A:N/C:H/I:N/PR:H/S:U/UI:N

What the vulnerability does

01Description

An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.

Key dates

02Disclosure timeline

August 10, 2021 CVE published
August 4, 2024 Record updated