返回
-
标题
Quest response to KACE SMA Agent Vulnerabilities: CVE-2024-23772, CVE-2024-23773, CVE-2024-23774 -
说明
The Quest team has been made aware of vulnerabilities involving the KACE System Management Agent product:
- CVE-2024-23772
- CVE-2024-23773
- CVE-2024-23774
Vulnerabilities found and reported by Tom Norfolk (AJ Bell).
Quest takes handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here . -
原因
CVE-2024-23772, CVE-2024-23773, CVE-2024-23774 vulnerabilities exist within Quest KACE Systems Management Appliance (SMA) agent through 13.2 which could allow file manipulation and/or incorrect process launching under specific conditions. -
解决办法
The KACE SMA vulnerabilities reported under CVE-2024-23772, CVE-2024-23773, CVE-2024-23774 are resolved in the KACE SMA Agent versions 13.1.25 and 13.2.24 available for download at the support portal or for automatic update through the KACE SMA adminui Settings | Provisioning | Update Agents.