SB20260424172 - Multiple vulnerabilities in KACE Systems Management Appliance (SMA)
Published: April 24, 2026
Description
This security bulletin contains information about 4 vulnerabilities.
1) Improper Authentication (CVE-ID: CVE-2025-32975)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
The vulnerability allows a remote attacker to bypass authentication and impersonate legitimate users.
The vulnerability exists due to improper authentication in the SSO authentication handling mechanism when processing authentication requests. A remote attacker can supply any valid username to bypass authentication and act as that user.
The issue can lead to complete administrative takeover of the appliance.
2) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2025-32976)
CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to bypass TOTP-based two-factor authentication.
The vulnerability exists due to a logic flaw in the 2FA validation process: an alternate path through the two-factor validation allows a remote user to bypass TOTP-based two-factor authentication.
The issue affects the two-factor authentication implementation.
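The class of weakness in item 2 (CWE-288) is a second factor that can be sidestepped because the first factor already produced something the rest of the application treats as a login. The following is an added illustration of the defensive structure, not KACE SMA code: the password step yields only a short-lived PendingTicket, the only code path that constructs a Session is the one that has just verified a fresh TOTP code, and privileged endpoints check the session type rather than a flag. The user store, TOTP seed, time values and route names are constructed for the example.

```python
"""Illustrative two-factor login flow (added example; not KACE SMA code).

The password step never yields a usable session, only a short-lived
PendingTicket, and the only code path that mints a Session is the one that
has just verified a fresh TOTP code. The user store, secret and time values
are constructed for this example.
"""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass
from typing import Optional

STEP = 30          # TOTP time step in seconds (RFC 6238 default)
TICKET_TTL = 120   # seconds a pending ticket stays valid


def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 for the time step containing `at`."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


@dataclass
class User:
    name: str
    password_hash: bytes          # sha256 of the password; sample only
    totp_secret: bytes
    last_accepted_step: int = -1  # any given code is accepted at most once


@dataclass(frozen=True)
class PendingTicket:
    """Proof that the password step passed. Deliberately not a Session."""
    user: str
    issued_at: int
    nonce: str


@dataclass(frozen=True)
class Session:
    """Full session; only verify_totp() constructs one."""
    user: str
    token: str


SAMPLE_SECRET = b"12345678901234567890"  # constructed TOTP seed
USERS = {"admin": User("admin", hashlib.sha256(b"correct horse").digest(), SAMPLE_SECRET)}
CONSUMED_TICKETS: set = set()


def password_step(name: str, password: str, now: int) -> Optional[PendingTicket]:
    """First factor. Succeeds with a ticket, never with a Session."""
    user = USERS.get(name)
    if user is None:
        return None
    given = hashlib.sha256(password.encode()).digest()
    if not hmac.compare_digest(given, user.password_hash):
        return None
    return PendingTicket(name, now, secrets.token_hex(8))


def verify_totp(ticket: PendingTicket, code: str, now: int) -> Optional[Session]:
    """Second factor. The sole constructor of Session."""
    if ticket.nonce in CONSUMED_TICKETS or now - ticket.issued_at > TICKET_TTL:
        return None
    user = USERS[ticket.user]
    step = now // STEP
    for candidate in (step - 1, step, step + 1):   # tolerate one step of clock skew
        if candidate <= user.last_accepted_step:
            continue                                # already used: replay
        expected = totp(user.totp_secret, candidate * STEP)
        if hmac.compare_digest(expected, code):
            user.last_accepted_step = candidate
            CONSUMED_TICKETS.add(ticket.nonce)
            return Session(user.name, secrets.token_hex(16))
    return None


def is_full_session(obj: object) -> bool:
    """What every privileged endpoint checks: the type, not a flag."""
    return isinstance(obj, Session)


def admin_action(session: object) -> str:
    """Privileged endpoint; a PendingTicket or anything else is refused."""
    if not is_full_session(session):
        raise PermissionError("completed two-factor session required")
    return f"ok:{session.user}"
```

The design point is that there is no state in which a half-authenticated principal holds an object any endpoint will honour: a PendingTicket cannot be passed where a Session is required, a ticket is consumed on success, and an accepted TOTP step is recorded so the same code cannot be presented twice.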
3) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2025-32977)
CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to upload malicious backup content.
The vulnerability exists due to improper verification of the cryptographic signature on uploaded backup files in the backup upload functionality. A remote attacker can supply a specially crafted backup file that the appliance accepts, allowing malicious backup content to be uploaded.
User interaction is required.
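Item 3 (CWE-347) concerns content that is parsed and acted on before its signature has actually been checked. The following is an added illustration of the verify-then-parse structure, not KACE SMA code: the uploaded blob is treated as opaque bytes until a MAC computed under a key held by the appliance has been checked in constant time, and only then is the payload decoded. The container layout (a magic marker, a 32-byte HMAC-SHA256 tag, then the payload), the key and the sample payloads are assumptions for this example; restore_trusting_payload() shows the weak pattern for contrast.

```python
"""Illustrative signed-backup verification (added example; not KACE SMA code).

The blob stays opaque bytes until a MAC computed under a key the appliance
holds has been checked in constant time; only then is the payload parsed.
The container layout (magic, 32-byte HMAC-SHA256 tag, payload) and the key
are assumptions for this example. restore_trusting_payload() is the weak
pattern for contrast: it trusts a flag inside data it has not yet verified.
"""
import hashlib
import hmac
import json
from typing import Optional

MAGIC = b"BKUP1"   # hypothetical container version marker
TAG_LEN = 32       # HMAC-SHA256 output size
KEY_LEN = 32


def sign_backup(key: bytes, payload: bytes) -> bytes:
    """Produce MAGIC || tag || payload, with the tag over MAGIC || payload."""
    tag = hmac.new(key, MAGIC + payload, hashlib.sha256).digest()
    return MAGIC + tag + payload


def verify_backup(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the payload only if its tag verifies; None on any defect."""
    if len(key) < KEY_LEN:
        raise ValueError("verification key too short")
    head = len(MAGIC) + TAG_LEN
    if len(blob) < head or not blob.startswith(MAGIC):
        return None
    tag, payload = blob[len(MAGIC):head], blob[head:]
    expected = hmac.new(key, MAGIC + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    return payload


def restore_from_upload(key: bytes, blob: bytes) -> Optional[dict]:
    """Hardened: parsing happens only after verify_backup() succeeds."""
    payload = verify_backup(key, blob)
    if payload is None:
        return None
    return json.loads(payload)


def restore_trusting_payload(blob: bytes) -> Optional[dict]:
    """Weak pattern: parse first, then believe a 'signed' flag in the data."""
    head = len(MAGIC) + TAG_LEN
    try:
        data = json.loads(blob[head:])
    except ValueError:
        return None
    return data if data.get("signed") else None


def unsigned_blob(payload: bytes) -> bytes:
    """Constructed test vector: well-formed header, all-zero tag."""
    return MAGIC + bytes(TAG_LEN) + payload


SAMPLE_KEY = b"\x11" * KEY_LEN  # constructed; a real key lives in appliance config
```

Two properties matter here: the tag covers the whole payload (so nothing inside it is consulted before verification), and a blob that fails verification is discarded without ever reaching the parser, so a crafted file cannot influence the restore path at all.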
4) Missing Authentication for Critical Function (CVE-ID: CVE-2025-32978)
CWE-ID: CWE-306 - Missing Authentication for Critical Function
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing authentication for a critical function in the license renewal web interface when handling license replacement requests. A remote attacker can submit a crafted license replacement request to cause a denial of service.
This can disrupt administrative functions by replacing a valid license with an expired or trial license.
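Item 4 (CWE-306) is the case of a state-changing web function that simply has no authentication check in front of it. The following is an added illustration of a default-deny route policy, not KACE SMA code: every handler must be registered with an explicit public/private decision, the dispatcher refuses any private route without an authenticated session, and audit_routes() lists public routes that use a state-changing method so an endpoint of the license-replacement kind cannot ship unauthenticated unnoticed. The route paths, the Request shape and the license store are assumptions for this example.

```python
"""Illustrative default-deny route policy (added example; not KACE SMA code).

Every handler is registered with an explicit public/private decision, the
dispatcher refuses any private route without an authenticated session, and
audit_routes() lists public routes that change state. Route paths, the
Request shape and the license store are assumptions for this example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

MUTATING = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Request:
    method: str
    path: str
    session_user: Optional[str] = None        # set by the session layer only
    body: dict = field(default_factory=dict)


@dataclass
class Route:
    handler: Callable[[Request], str]
    public: bool                               # no default: must be decided


ROUTES: Dict[Tuple[str, str], Route] = {}


def route(method: str, path: str, *, public: bool):
    """Register a handler; the keyword-only `public` forces an explicit choice."""
    def register(fn: Callable[[Request], str]):
        ROUTES[(method, path)] = Route(fn, public)
        return fn
    return register


def dispatch(req: Request) -> Tuple[int, str]:
    """Default deny: unknown is 404, private without a session is 401."""
    r = ROUTES.get((req.method, req.path))
    if r is None:
        return 404, "not found"
    if not r.public and req.session_user is None:
        return 401, "authentication required"
    return 200, r.handler(req)


def audit_routes() -> List[str]:
    """Build-time check: a public route that changes state is a finding."""
    return sorted(f"{m} {p}" for (m, p), r in ROUTES.items()
                  if r.public and m in MUTATING)


STATE = {"license": "valid-license"}     # constructed appliance state


@route("GET", "/login", public=True)
def login_page(req: Request) -> str:
    return "login form"


@route("POST", "/admin/license", public=False)
def replace_license(req: Request) -> str:
    """License replacement: private, so the dispatcher gates it."""
    STATE["license"] = req.body["license"]
    return "license replaced"
```

Running audit_routes() in the build or test pipeline turns the missing check into a failing test rather than a production finding: any route that both mutates state and is marked public has to be justified explicitly.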
Remediation
Install the update from the vendor's website.
References
- https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978
- https://seralys.com/research/CVE-2025-32975.txt
- https://seralys.com/research/CVE-2025-32976.txt
- https://seralys.com/research/CVE-2025-32977.txt
- https://seralys.com/research/CVE-2025-32978.txt