Artikelnummer: 000187956

DSA-2021-078: Dell PowerEdge Server Security Advisory for a Trusted Platform Module (TPM) 1.2 Firmware Vulnerability

Samenvatting: Remediation is available for a vulnerability in the Nuvoton NPCT75x Trusted Platform Module (TPM) 1.2 firmware version 7.4.0.0 used by Dell PowerEdge Servers that may be exploited by malicious users to compromise the affected system. ...

Article content

Impact

Medium

Gegevens

Third-Party Component	CVE	More information
Trusted Platform Module 1.2 (Firmware 7.4.0.0)	CVE-2021-32015	https://www.nuvoton.com/support/product-related-information/security-advisories/sa-001/

Third-Party Component	CVE	More information
Trusted Platform Module 1.2 (Firmware 7.4.0.0)	CVE-2021-32015	https://www.nuvoton.com/support/product-related-information/security-advisories/sa-001/

Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

Product	Affected Versions	Updated Versions	Link to Update
R6525, R7525	7.4.0.0	7.4.0.1	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=yy1pw&oscode=ws19l
C6525	7.4.0.0	7.4.0.1	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=g6vxj&oscode=ws19l&productcode=poweredge-c6525

To determine the TPM firmware version used on your system:

In System BIOS Settings > System Security, if TPM Information shows as Type: 1.2 NTC and TPM Firmware shows 7.4.0.0 an update is required.

In Windows, run “tpm.msc”. TPM Manufacturer Information shows Manufacturer Name as Nuvoton. If Manufacturer Version shows as 7.4.0.0 and Specification Version as 1.2, an update is required.

In Linux, run the following commands, which displays the following output.

Install tpm-tools package using distro specific tools. Then run from the command line:

# tpm_version

This will output something like this:

TPM 1.2 Version Info:
Chip Version: 1.2.5.81
Spec Level: 2
Errata Revision: 3
TPM Vendor ID: NTC
Vendor Specific data: 0201
TPM Version: 01010000
Manufacturer Info: 57454300

To check the firmware version, run the following from the command line:
# grep "Firmware version" /sys/class/tpm/tpm0/caps

This will output something like this:
Firmware version: 5.81

BIOS updates require a reboot for installation, and scheduling a maintenance window is recommended to perform the BIOS update.

Note:

The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Product	Affected Versions	Updated Versions	Link to Update
R6525, R7525	7.4.0.0	7.4.0.1	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=yy1pw&oscode=ws19l
C6525	7.4.0.0	7.4.0.1	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=g6vxj&oscode=ws19l&productcode=poweredge-c6525

To determine the TPM firmware version used on your system:

In System BIOS Settings > System Security, if TPM Information shows as Type: 1.2 NTC and TPM Firmware shows 7.4.0.0 an update is required.

In Windows, run “tpm.msc”. TPM Manufacturer Information shows Manufacturer Name as Nuvoton. If Manufacturer Version shows as 7.4.0.0 and Specification Version as 1.2, an update is required.

In Linux, run the following commands, which displays the following output.

Install tpm-tools package using distro specific tools. Then run from the command line:

# tpm_version

This will output something like this:

TPM 1.2 Version Info:
Chip Version: 1.2.5.81
Spec Level: 2
Errata Revision: 3
TPM Vendor ID: NTC
Vendor Specific data: 0201
TPM Version: 01010000
Manufacturer Info: 57454300

To check the firmware version, run the following from the command line:
# grep "Firmware version" /sys/class/tpm/tpm0/caps

This will output something like this:
Firmware version: 5.81

BIOS updates require a reboot for installation, and scheduling a maintenance window is recommended to perform the BIOS update.

Note:

The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Revisiegeschiedenis

Revision	Date	Description
1.0	2021-06-08	Initial release

DSA-2021-078: Dell PowerEdge Server Security Advisory for a Trusted Platform Module (TPM) 1.2 Firmware Vulnerability

Samenvatting: Remediation is available for a vulnerability in the Nuvoton NPCT75x Trusted Platform Module (TPM) 1.2 firmware version 7.4.0.0 used by Dell PowerEdge Servers that may be exploited by malicious users to compromise the affected system. ...

Article content

Impact

Gegevens

Getroffen producten en herstel

Revisiegeschiedenis

Verwante informatie

Juridische informatie

Artikeleigenschappen

Getroffen product

Datum laatst gepubliceerd

Versie

Artikeltype

Welkom

Welkom bij Dell

DSA-2021-078: Dell PowerEdge Server Security Advisory for a Trusted Platform Module (TPM) 1.2 Firmware Vulnerability

Samenvatting: Remediation is available for a vulnerability in the Nuvoton NPCT75x Trusted Platform Module (TPM) 1.2 firmware version 7.4.0.0 used by Dell PowerEdge Servers that may be exploited by malicious users to compromise the affected system. ... Meer weergeven Minder weergeven

Article content

Impact

Gegevens

Getroffen producten en herstel

Revisiegeschiedenis

Verwante informatie

Juridische informatie

Artikeleigenschappen

Getroffen product

Datum laatst gepubliceerd

Versie

Artikeltype

Samenvatting: Remediation is available for a vulnerability in the Nuvoton NPCT75x Trusted Platform Module (TPM) 1.2 firmware version 7.4.0.0 used by Dell PowerEdge Servers that may be exploited by malicious users to compromise the affected system. ...