Vulnerability Description
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proxmox | Backup Server | >= 1.1, <= 3.0 |
| Proxmox | Proxmox Mail Gateway | >= 7.1, <= 8.0 |
| Proxmox | Virtual Environment | >= 5.4, <= 8.0 |
References
- http://packetstormsecurity.com/files/176967/Proxmox-VE-7.4-1-TOTP-Brute-Force.ht
- https://bugzilla.proxmox.com/show_bug.cgi?id=4579 (Issue Tracking, Vendor Advisory)
- https://bugzilla.proxmox.com/show_bug.cgi?id=4584 (Issue Tracking, Vendor Advisory)
- https://github.com/proxmox/proxmox-rs/commit/50b793db8d3421bbfe2bce060a486263f18 (Patch)
FAQ
What is CVE-2023-43320?
CVE-2023-43320 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escal...
How severe is CVE-2023-43320?
CVE-2023-43320 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-43320?
Check the references section above for vendor advisories and patch information. Affected products include: Proxmox Backup Server, Proxmox Proxmox Mail Gateway, Proxmox Virtual Environment.