Quest response to KACE SMA Agent Vulnerabilities: CVE-2024-23772, CVE-2024-23773, CVE-2024-23774 (4375402)

Chat now with support

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

Quest response to KACE SMA Agent Vulnerabilities: CVE-2024-23772, CVE-2024-23773, CVE-2024-23774
Description
The Quest team has been made aware of vulnerabilities involving the KACE System Management Agent product:
- CVE-2024-23772
- CVE-2024-23773
- CVE-2024-23774
Vulnerabilities found and reported by Tom Norfolk (AJ Bell).

Quest takes handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here .
Cause

CVE-2024-23772, CVE-2024-23773, CVE-2024-23774 vulnerabilities exist within Quest KACE Systems Management Appliance (SMA) agent through 13.2 which could allow file manipulation and/or incorrect process launching under specific conditions.
Resolution

The KACE SMA vulnerabilities reported under CVE-2024-23772, CVE-2024-23773, CVE-2024-23774 are resolved in the KACE SMA Agent since version 13.1.25 and 13.2.24.

Please get the latest agent version available for download at the support portal or using the automatic update through your KACE SMA adminui Settings | Provisioning | Update Agents.

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title