Abstract
Multiple security vulnerabilities have been found in Intel Trusted Execution Technology (TXE) and Intel Manageability Engine (ME). These vulnerabilities may allow local attackers to execute arbitrary code causing a denial-of-service attack or obtain sensitive information from a vulnerable version of Synology DiskStation Manager (DSM).
Administrative privilege is required for these vulnerabilities to be exploited. Therefore, Synology has evaluated this issue to be of moderate severity.
Severity
- CVE-2017-5705
- CVE-2017-5706
- CVE-2017-5707
- CVE-2017-5708
- CVE-2017-5709
- CVE-2017-5710
- CVE-2017-5711
- CVE-2017-5712
Affected
Description
- CVE-2017-5705
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.
- CVE-2017-5706
Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.
- CVE-2017-5707
Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.
- CVE-2017-5708
Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.
- CVE-2017-5709
Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.
- CVE-2017-5710
Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector.
- CVE-2017-5711
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
- CVE-2017-5712
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.
Mitigation
None
Update Availability
Synology will release the updates for affected products.
Reference