CVE-2024-2005

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2005
In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

9.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.ciena.com/product-security
Configurations

No configuration.

History

03 Apr 2024, 17:15

Type Values Removed Values Added
Summary
  • (es) En los productos Blue Planet® hasta la versión 22.12, una mala configuración en la implementación de SAML permite la escalada de privilegios. Sólo se ven afectados los productos que utilizan autenticación SAML. Blue Planet® ha lanzado actualizaciones de software que abordan esta vulnerabilidad para los productos afectados. Se recomienda a los clientes que actualicen sus productos Blue Planet a la última versión del software lo antes posible. Las actualizaciones de software se pueden descargar desde el Portal de soporte de Ciena.
Summary (en) In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal. (en) In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

06 Mar 2024, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-06 12:15

Updated : 2024-04-03 17:15

NVD link : CVE-2024-2005

Mitre link : CVE-2024-2005

CVE.ORG link : CVE-2024-2005

JSON object : View

Products Affected

No product.

CWE
CWE-269

Improper Privilege Management