Return
-
Title
Quest response to KACE SMA vulnerabilities: CVE-2022-30285 -
Description
The Quest team has been made aware regarding vulnerabilities involving the KACE System Management Appliance product below:
Quest takes handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here. -
Cause
CVE-2022-30285: A hash collision is possible during authentication to a Quest KACE Systems Management Appliance (SMA) through 12.0 that may allow authentication with invalid credentials.
-
Resolution
The KACE SMA vulnerability reported under CVE-2022-30285 is resolved in version 12.1.168 of the KACE Systems Management Appliance, available for download here.
If unable to upgrade to the latest version at this time, please refer to KACE SMA April 2022 Critical Security Hotfix.