Vulnerability Details CVE-2023-43320
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.2%
CVSS Severity
CVSS v3 Score 8.8
References
- http://packetstormsecurity.com/files/176967/Proxmox-VE-7.4-1-TOTP-Brute-Force.html
- https://bugzilla.proxmox.com/show_bug.cgi?id=4579
- https://bugzilla.proxmox.com/show_bug.cgi?id=4584
- https://github.com/proxmox/proxmox-rs/commit/50b793db8d3421bbfe2bce060a486263f18a90cb
- http://packetstormsecurity.com/files/176967/Proxmox-VE-7.4-1-TOTP-Brute-Force.html
- https://bugzilla.proxmox.com/show_bug.cgi?id=4579
- https://bugzilla.proxmox.com/show_bug.cgi?id=4584
- https://github.com/proxmox/proxmox-rs/commit/50b793db8d3421bbfe2bce060a486263f18a90cb
Products affected by CVE-2023-43320
-
cpe:2.3:a:proxmox:backup_server:1.1
-
cpe:2.3:a:proxmox:backup_server:2.0
-
cpe:2.3:a:proxmox:backup_server:2.1
-
cpe:2.3:a:proxmox:backup_server:2.2
-
cpe:2.3:a:proxmox:backup_server:2.3
-
cpe:2.3:a:proxmox:backup_server:2.4
-
cpe:2.3:a:proxmox:backup_server:3.0
-
cpe:2.3:a:proxmox:proxmox_mail_gateway:7.1
-
cpe:2.3:a:proxmox:proxmox_mail_gateway:7.2
-
cpe:2.3:a:proxmox:proxmox_mail_gateway:7.3
-
cpe:2.3:a:proxmox:proxmox_mail_gateway:8.0
-
cpe:2.3:a:proxmox:virtual_environment:5.4
-
cpe:2.3:a:proxmox:virtual_environment:6.0
-
cpe:2.3:a:proxmox:virtual_environment:6.1
-
cpe:2.3:a:proxmox:virtual_environment:6.2
-
cpe:2.3:a:proxmox:virtual_environment:6.3
-
cpe:2.3:a:proxmox:virtual_environment:6.4
-
cpe:2.3:a:proxmox:virtual_environment:7.0
-
cpe:2.3:a:proxmox:virtual_environment:7.1
-
cpe:2.3:a:proxmox:virtual_environment:7.2
-
cpe:2.3:a:proxmox:virtual_environment:7.3
-
cpe:2.3:a:proxmox:virtual_environment:7.4
-
cpe:2.3:a:proxmox:virtual_environment:8.0