Taipei, Taiwan, November 29, 2017 - QNAP® had published security enhancement against security vulnerabilities that could affect specific versions of QNAP products. Please use the following information and solutions to correct the security issues and vulnerabilities.
Security Advisory for Intel ME, SPS, TXE
Release date: 2017/11/29
Security ID: NAS-201711-29
Severity rating: Medium
CVE identifier: CVE-2017-5705 | CVE-2017-5706 | CVE-2017-5707 | CVE-2017-5708 | CVE-2017-5709 | CVE-2017-5710 | CVE-2017-5711 | CVE-2017-5712
Affected products: To be confirmed
Summary
Multiple vulnerabilities were recently found in Intel Management Engine (ME), Server Platform Service (SPS), and Trusted Execution Engine (TXE). If exploited, these vulnerabilities may allow local attackers to execute arbitrary codes on the system.
We are currently evaluating how these issues affect our NAS products. We will update this advisory once we gather more details.
Revision History: V1.0 (November 29, 2017) - Published
If you have any questions regarding this issue, please contact us at
http://helpdesk.qnap.com/.