PT-2025-26741 · Quest · Quest Kace System Management Appliance

Mohamed Mahmoudi +1 · Published 2025-06-24 · Updated 2026-03-20 · CVE-2025-32976

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
Quest KACE Systems Management Appliance (SMA) versions 13.0.x through 13.0.384
Quest KACE Systems Management Appliance (SMA) versions 13.1.x through 13.1.80
Quest KACE Systems Management Appliance (SMA) versions 13.2.x through 13.2.182
Quest KACE Systems Management Appliance (SMA) versions 14.0.x through 14.0.340 (Patch 4)
Quest KACE Systems Management Appliance (SMA) versions 14.1.x through 14.1.100 (Patch 3)

Description: A logic flaw in the two-factor authentication implementation of the Quest KACE Systems Management Appliance (SMA) allows authenticated users to bypass TOTP-based 2FA requirements. The flaw is in the 2FA validation process and can be exploited to gain elevated access.

Recommendations:
For versions 13.0.x through 13.0.384, update to version 13.0.385 or later.
For versions 13.1.x through 13.1.80, update to version 13.1.81 or later.
For versions 13.2.x through 13.2.182, update to version 13.2.183 or later.
For versions 14.0.x through 14.0.340 (Patch 4), update to version 14.0.341 (Patch 5) or later.
For versions 14.1.x through 14.1.100 (Patch 3), update to version 14.1.101 (Patch 4) or later.

Fix

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

BDU:2026-00086
CVE-2025-32976

Affected Products

Quest Kace System Management Appliance