Please take immediate steps toward planning upgrades now.
KACE Products included in this disclosure:
KACE Systems Management Appliance
KACE as a Service
KACE Asset Management Appliance
KACE Service Desk
During a recent penetration testing (pen-test) exercise by an independent cybersecurity consultant, it was determined that multiple KACE Systems Management Appliance (SMA) and related-family products have vulnerabilities that could be exploited to allow unauthorized access to the environment, and/or your data. The vulnerability potentially affects any SMA-Family appliance of any version, and it is our recommendation that all customers upgrade to 12.1 immediately, however KACE has also released a patch for prior versions which are within support lifecycles:
Version Update options:
11.0 Downloads (Required if not currently running 11.0.275)
11.1 Downloads (Required if not currently running 11.1.264)
12.0 Downloads (Required if not currently running 12.0.150)
12.1 Downloads (Required if not currently running 12.1.168)
Important: Please note that this notification is being provided to you prior to the publishing of public CVE’s. Upon publication of the CVE’s, unpatched systems remain at risk, and could lead to active exploits. If your appliance has a public IP address, you are at increased risk.
KACE is not aware of any active exploits at the time of this disclosure, and have developed hotfixes for vulnerabilities deemed critical. This hotfix has been purpose built so that a reboot is not necessary to allow you to apply it immediately without the need to schedule down time