Vulnerabilities > CVE-2023-43320 - Unspecified vulnerability in Proxmox products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.
Vulnerable Configurations
References
- http://packetstormsecurity.com/files/176967/Proxmox-VE-7.4-1-TOTP-Brute-Force.html
- http://packetstormsecurity.com/files/176967/Proxmox-VE-7.4-1-TOTP-Brute-Force.html
- https://bugzilla.proxmox.com/show_bug.cgi?id=4579
- https://bugzilla.proxmox.com/show_bug.cgi?id=4579
- https://bugzilla.proxmox.com/show_bug.cgi?id=4584
- https://bugzilla.proxmox.com/show_bug.cgi?id=4584
- https://github.com/proxmox/proxmox-rs/commit/50b793db8d3421bbfe2bce060a486263f18a90cb
- https://github.com/proxmox/proxmox-rs/commit/50b793db8d3421bbfe2bce060a486263f18a90cb