CNNVD-202506-3089 Information
CNNVD ID
CNNVD-202506-3089
Related CVE
- CNNVD Published: 2025-06-24
Description (Chinese)
Quest Software Quest KACE Systems Management Appliance是美国Quest Software公司的一款IT资产管理设备。 Quest KACE Systems Management Appliance存在安全漏洞,该漏洞源于双因素认证实现存在逻辑缺陷,可能导致绕过TOTP认证要求。以下版本受到影响:13.0.385之前版本、13.1.81之前版本、13.2.183之前版本、14.0.341之前版本和14.1.101之前版本。
Description (English)
Quest Software Quest KACE Systems Management Application is an IT asset management facility of the United States company Quest Software. There is a security loophole in Quest KACE Systems Management Application, which stems from a logical flaw in the dual-factor authentication, which may lead to circumventing the TOTP certification requirements. The following versions were affected: pre-13.0.385, pre-1.3.81, pre-13.2.183, pre-14.0341 and pre-14.1.101.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Quest Software
Published
2025-06-24
Last Modified
2026-02-24
References
https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 https://seclists.org/fulldisclosure/2025/Jun/23 https://seralys.com/research/CVE-2025-32976.txt https://access.redhat.com/security/cve/cve-2025-32976
Patch
https://support.quest.com/kace-systems-management-appliance/14.1/download-new-releases
Share on: