It is confirmed that the Curl & Libcurl and associated vulnerabilities described under CVE-2023-38545 & CVE-2023-38545 does not impact the KACE SMA, KACE SMA Agent, KACE SDA, or the KACE Cloud agent, however all affected versions of these components will be updated in an upcoming major release.
In both CVE notifications, it should be noted that specific conditions must be met to allow exploitation, and KACE Support has not been notified of any affected implementations at the time of publication.
Quest recommends that all customers ensure they are running a configuration recommended by the CVE’s.
Quest recommends that all customers ensure they are running a supported version of the KACE SMA and KACE SDA appliances.
For any questions or assistance on this topic please contact our Tech Support.
