关键信息 漏洞标题 Title: 2FA Bypass 影响产品 Product: Quest KACE Systems Management Appliance (SMA) 影响版本 Affected: Confirmed on 14.1 (older versions likely affected) 修复版本 Fixed in: - 13.0.385 - 13.1.81 - 13.2.183 - 14.0.341 (Patch 5) - 14.1.101 (Patch 4) 厂商 Vendor: Quest Software 发现时间 Discovered: April 2025 严重性 Severity: HIGH CWE 和 CVE 编号 CWE: CWE-288: Authentication Bypass Using an Alternate Path CVE: CVE-2025-32976 CVSS 分数 CVSS: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 发现者 Discovered by: Philippe Caturegli & Mohamed Mahmoudi (Seralys) 概述 Quest KACE SMA 在其双因素身份验证实现中存在逻辑缺陷,允许已认证用户绕过基于TOTP的2FA要求。该漏洞存在于2FA验证过程中,可被利用以获得提升的访问权限。 影响 Impact: Bypass of TOTP-based two-factor authentication 厂商响应 Quest 已发布针对此漏洞的修复程序作为协调披露工作的一部分。详细信息和补丁可用性记录在其公告中: - https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 时间线 Timeline: - 2025-04-14: Initial report submitted to Quest Software - 2025-04-14: Vendor acknowledged receipt and initiated coordination - 2025-05-08: Quest shared a preliminary hotfix with Seralys - 2025-05-17: Seralys confirmed hotfix addressed the reported issues - 2025-05-27: Quest publicly released the hotfix for CVE-2025-32976 - 2025-06-23: High level public disclosure by Seralys