CVE-2024-2005

Summary

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.

Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

Affected Software

VendorProductVersion RangeStatus
Blue PlanetInventory (BPI)early versions <= 22.12affected
Blue PlanetInventory (BPI)21.10 MR11unaffected
Blue PlanetInventory (BPI)22.02 MR5unaffected
Blue PlanetInventory (BPI)22.08 MR4unaffected
Blue PlanetOrchestration (BPO)early versions <= 22.12affected
Blue PlanetOrchestration (BPO)22.02.03unaffected
Blue PlanetOrchestration (BPO)22.08.05unaffected
Blue PlanetOrchestration (BPO)22.12.02unaffected
Blue PlanetRoute Optimization and Analysis (ROA)early versions <= 22.12affected
Blue PlanetRoute Optimization and Analysis (ROA)22.02.P01.11-Runaffected
Blue PlanetRoute Optimization and Analysis (ROA)22.08.P01.1-Runaffected
Blue PlanetRoute Optimization and Analysis (ROA)22.12.P01.2.1-Runaffected
Blue PlanetUnified Assurance and Analytics (UAA)early versions <= 22.12affected
Blue PlanetUnified Assurance and Analytics (UAA)22.02 MR5unaffected
Blue PlanetUnified Assurance and Analytics (UAA)22.12 MR2unaffected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References