Vulnerability Database

308,485

Total vulnerabilities in the database

CVE-2023-43320

An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.

Published: Sep 27, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-43320
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
proxmox / backup_server	1.1	3.0.x
proxmox / proxmox_mail_gateway	7.1	8.0.x
proxmox / virtual_environment	5.4	8.0.x

http://packetstormsecurity.com/files/176967/Proxmox-VE-7.4-1-TOTP-Brute-Force.html
https://bugzilla.proxmox.com/show_bug.cgi?id=4579
https://bugzilla.proxmox.com/show_bug.cgi?id=4584
https://github.com/proxmox/proxmox-rs/commit/50b793db8d3421bbfe2bce060a486263f18a90cb

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo