Primary

Context

Quest KACE Desktop Authority Insecure Named Pipe Permissions Vulnerability

Vulnerability

Patched

A vulnerability exists in Quest KACE Desktop Authority versions through 11.3.1, related to insecure permissions on Named Pipes used for inter-process communication. These Named Pipes were created without proper access controls, allowing unauthorized local users to potentially access them. This could lead to unintended interactions or privilege escalation within the application.

Impact

The vulnerability could be exploited by an unauthorized local user to access Named Pipes, potentially leading to unauthorized interactions or privilege escalation within the application context.

Remediation

Quest has released a patch for this vulnerability in version 11.3.2, published on November 3, 2025. Users are advised to upgrade to Quest KACE Desktop Authority 11.3.2 or later.

Added: Jan 12, 2026, 4:19 PM

Updated: Jan 12, 2026, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

5.0

exploitability

3.5

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

5.0

exploitability

3.5

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Quest KACE Desktop Authority Insecure Named Pipe Permissions Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Quest KACE Desktop Authority

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating