Security ID : NAS-201905-17
Security Advisory for Intel CSME, TXE, SPS & MSBDS
Release date : May 17, 2019
CVE identifier : CVE-2019-0089 | CVE-2019-0090 | CVE-2019-0086 |
CVE-2019-0091 | CVE-2019-0092 | CVE-2019-0093 |
CVE-2019-0094 | CVE-2019-0096 | CVE-2019-0097 |
CVE-2019-0098 | CVE-2019-0099 | CVE-2019-0153 |
CVE-2019-0170 | CVE-2018-12126 | CVE-2018-12127 |<Affected products: QNAP NAS devices with Intel CPU
Severity
Low
Status
Resolved
Summary
Multiple vulnerabilities were recently found in Intel Converged Security & Management Engine (CSME), Server Platform Service (SPS), Trusted Execution Engine (TXE), and Microarchitectural Store Buffer Data Sampling (MSBDS). If exploited, these vulnerabilities may allow attackers to obtain privilege escalation, perform denial-of-service attacks (DoS), or access sensitive information on the NAS.
We are currently evaluating how these issues affect our NAS products. We will update this advisory once further details are gathered.
Revision History: V1.0 (May 17, 2019) - Published
