CVE-2024-2005
CRITICAL
Blue Planet Inventory < 22.12 - Privilege Escalation via SAML Misconfiguration
Title source: llm
Description
In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.
References (1)
Core References
Not Applicable
https://www.ciena.com/product-security
Scores
CVSS v3: 9.0
EPSS: 0.0045
EPSS Percentile: 35.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-269
Status: published
Products (1)
ciena/blue_planet_inventory: < 22.12
Published: Mar 06, 2024
Tracked Since: Feb 18, 2026