Quest KACE Systems Management Appliance
cpe:2.3:a:quest:kace_system_management_appliance:*:*:*:*:*:*:*
- >= 14.1, < 14.1.101
A logic flaw allowing authenticated users to bypass TOTP-based two-factor authentication has been identified in Quest KACE Systems Management Appliance (SMA) versions 13.0.x prior to 13.0.385, 13.1.x prior to 13.1.81, 13.2.x prior to 13.2.183, 14.0.x prior to 14.0.341 (Patch 5), and 14.1.x prior to 14.1.101 (Patch 4). This vulnerability exists in the 2FA validation process, enabling users to gain elevated access.
Exploitation of this vulnerability allows for the bypass of TOTP-based two-factor authentication, potentially leading to unauthorized access with elevated privileges.
Quest has released patches for this vulnerability in KACE SMA versions 13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), and 14.1.101 (Patch 4). Administrators are strongly encouraged to update to one of these patched versions.