CVE-2024-2005

SAML implementation allows privilege escalation

Description

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

Remediation

Solution:

Software patch to be applied

References

Link	Tags
https://www.ciena.com/product-security	not applicable

Frequently Asked Questions

What is the severity of CVE-2024-2005?: CVE-2024-2005 has been scored as a critical severity vulnerability.
How to fix CVE-2024-2005?: To fix CVE-2024-2005: Software patch to be applied
Is CVE-2024-2005 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-2005 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-2005?: CVE-2024-2005 affects Blue Planet Inventory (BPI), Blue Planet Orchestration (BPO), Blue Planet Route Optimization and Analysis (ROA), Blue Planet Unified Assurance and Analytics (UAA) .

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-269 – Improper Privilege Management

References

Frequently Asked Questions