CVE-2024-2005

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.ciena.com/product-security

Configurations

No configuration.

History

No history.

Information

Published : 2024-03-06 12:15

Updated : 2024-04-03 17:15

NVD link : CVE-2024-2005

Mitre link : CVE-2024-2005

CVE.ORG link : CVE-2024-2005

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

9.0 /10