-
Title
Quest response to KACE SMA vulnerability: CVE-2022-35889 -
Description
The Quest team has been made aware regarding vulnerabilities involving the KACE System Management Appliance product below:
CVE-2022-35889 : Agent PS Script Vulnerability
Quest takes handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here. -
Cause
CVE-2022-35889: A vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow local escalated privileges on a client.
-
Resolution
The KACE SMA vulnerability reported under CVE-2022-35889 is resolved in the KACE SMA Agent versions 12.0.39 and 12.1.55, available for download at the support portal or for automatic update through the KACE SMA adminui Settings | Provisioning | Update Agents.