CVE-2025-32976

216.73.216.233

· Published 24/06/2025 15:15 · Modified 24/06/2025 16:15

Labels: CVE-2025-32976 2025-06-24 CVE-2025-32976 CWE-288 [email protected]

Essential information

Published: 24/06/2025 15:15
Modified: 24/06/2025 16:15
Author: —
Creator: —
CVSS: 8.8 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains a logic flaw in its two-factor authentication implementation that allows authenticated users to bypass TOTP-based 2FA requirements. The vulnerability exists in the 2FA validation process and can be exploited to gain elevated access.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
quest / quest kace systems management appliance	`cpe:2.3:a:quest:quest_kace_systems_management_appliance:13.0.0-13.0.385:::::::*`
quest / quest kace systems management appliance	`cpe:2.3:a:quest:quest_kace_systems_management_appliance:13.1.0-13.1.81:::::::*`
quest / quest kace systems management appliance	`cpe:2.3:a:quest:quest_kace_systems_management_appliance:13.2.0-13.2.183:::::::*`
quest / quest kace systems management appliance	`cpe:2.3:a:quest:quest_kace_systems_management_appliance:14.0.0-14.0.341:::::::*`
quest / quest kace systems management appliance	`cpe:2.3:a:quest:quest_kace_systems_management_appliance:14.1.0-14.1.101:::::::*`