CVE-2024-2005 CRITICAL

CVE-2024-2005: SAML implementation allows privilege escalation

Vendor: Blue Planet
Product: Inventory (BPI)
Weakness: CWE-269
Published: March 5, 2024
Last update: August 29, 2024

CVSS base score

9.0/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

Key dates

02 Disclosure timeline

March 5, 2024: CVE published
August 29, 2024: Record updated