CVE-2025-32976: Quest KACE SMA Two-Factor Authentication Bypass
Quest KACE Systems Management Appliance (SMA) is a popular solution for managing and securing endpoints. A critical vulnerability, CVE-2025-32976, allows authenticated users to bypass two-factor authentication (2FA), potentially leading to unauthorized access and control over managed systems.
Vulnerability Details
- CVE ID: CVE-2025-32976
- Description: Quest KACE SMA versions 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contain a logic flaw in their two-factor authentication implementation. Authenticated users can bypass TOTP-based 2FA requirements. The vulnerability exists in the 2FA validation process and can be exploited to gain elevated access.
- CVSS Score: 8.8 (HIGH)
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVSS Explanation: This vulnerability has a high severity rating. The 'AV:N' (Network) attack vector means it can be exploited remotely. 'AC:L' (Low) attack complexity indicates it is easy to exploit. 'PR:L' (Low Privileges Required) means only a regular user account is needed. 'UI:N' (No User Interaction) confirms no user interaction is required. The impact metrics 'C:H', 'I:H', and 'A:H' indicate high impact on confidentiality, integrity, and availability, meaning a successful exploit could lead to complete compromise of the system.
- Exploit Requirements: An attacker needs valid user credentials for the KACE SMA.
- Affected Vendor: Quest
- Affected Product: KACE Systems Management Appliance (SMA)
- Affected Versions:
  - 13.0.x before 13.0.385
  - 13.1.x before 13.1.81
  - 13.2.x before 13.2.183
  - 14.0.x before 14.0.341 (Patch 5)
  - 14.1.x before 14.1.101 (Patch 4)
- CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel. This means the application provides a way to bypass the intended authentication mechanism.
Timeline of Events
- 2025-06-24: CVE ID assigned.
- 2025-06-24: Vulnerability details published.
Exploitability & Real-World Risk
This vulnerability poses a significant risk. Since KACE SMA manages numerous endpoints, a successful 2FA bypass could allow an attacker to gain control over a large number of systems within an organization. This could lead to data breaches, ransomware attacks, and other malicious activities. The low attack complexity and the requirement of only valid user credentials make this vulnerability easily exploitable.
Recommendations
- Immediate Action: Upgrade KACE SMA to the patched build for your release branch (13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), or 14.1.101 (Patch 4)) or later.
- Two-Factor Enforcement: Ensure that two-factor authentication is enabled and enforced for all user accounts.
- Regular Audits: Conduct regular security audits and penetration testing to identify and address potential vulnerabilities.
- Principle of Least Privilege: Implement the principle of least privilege to limit the impact of potential breaches.
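To act on the upgrade recommendation across several appliances, the following added example (not Quest's or the advisory's own code) compares reported versions against the fixed builds listed above. It assumes each appliance version is available as a `major.minor.build` string; the hostnames and the inventory are constructed for illustration.

```python
# Fixed build per release branch, copied from the advisory's "Affected Versions" list.
FIXED_BUILD = {
    (13, 0): 385,
    (13, 1): 81,
    (13, 2): 183,
    (14, 0): 341,  # Patch 5
    (14, 1): 101,  # Patch 4
}


def classify(version_text):
    """Return 'affected', 'patched', 'not-listed' or 'unparseable' for one version string.

    Assumption: the appliance version is available as 'major.minor.build'.
    """
    parts = version_text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return "unparseable"
    major, minor, build = (int(p) for p in parts)
    fixed = FIXED_BUILD.get((major, minor))
    if fixed is None:
        # Branch is outside the advisory's list: do not guess, flag for manual review.
        return "not-listed"
    return "affected" if build < fixed else "patched"


def triage(inventory):
    """Map each host to its status and return the hosts that still need the upgrade."""
    status = {host: classify(version) for host, version in inventory.items()}
    needs_upgrade = sorted(h for h, s in status.items() if s == "affected")
    return status, needs_upgrade


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = {
    "kace-hq.example.internal": "14.1.99",
    "kace-dr.example.internal": "14.1.101",
    "kace-lab.example.internal": "13.2.150",
    "kace-old.example.internal": "12.1.149",
    "kace-new.example.internal": "14.0",
}

if __name__ == "__main__":
    status, needs_upgrade = triage(SAMPLE_INVENTORY)
    for host, state in status.items():
        print(f"{host:28} {SAMPLE_INVENTORY[host]:10} {state}")
    print("upgrade first:", ", ".join(needs_upgrade))
```

Versions on branches the advisory does not list come back as `not-listed` rather than as safe, so they can be checked by hand.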
Technical Insight
The vulnerability is a logic flaw in the 2FA validation process: the application fails to properly verify the TOTP code, so an authenticated user can proceed without providing the correct code. Possible causes include improper session handling or a flawed validation algorithm.
Credit to Researcher(s)
Disclosed by Seralys.
Tags
CVE-2025-32976, Quest KACE, SMA, 2FA Bypass, TOTP, Security Vulnerability, Authentication
Summary: Quest KACE SMA suffers from a two-factor authentication bypass vulnerability (CVE-2025-32976). Authenticated users can skip TOTP-based 2FA, potentially leading to unauthorized access. Upgrade to the latest patched version to mitigate this risk.
Risk Analysis: Successful exploitation could lead to unauthorized access to managed systems, data breaches, and potential disruption of services.
Recommendation: Upgrade KACE SMA to the latest patched version (13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), or 14.1.101 (Patch 4) or later) and enforce two-factor authentication.