Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Blue Planet
CVE-2024-2005 (GCVE-0-2024-2005)
Vulnerability from cvelistv5 – Published: 2024-03-05 18:54 – Updated: 2024-08-29 17:10
VLAI
Title
SAML implementation allows privilege escalation
Summary
In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.
Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Blue Planet | Inventory (BPI) |
Affected:
early versions , ≤ 22.12
(custom)
Unaffected: 21.10 MR11 Unaffected: 22.02 MR5 Unaffected: 22.08 MR4 |
|
| Blue Planet | Orchestration (BPO) |
Affected:
early versions , ≤ 22.12
(custom)
Unaffected: 22.02.03 Unaffected: 22.08.05 Unaffected: 22.12.02 |
|
| Blue Planet | Route Optimization and Analysis (ROA) |
Affected:
early versions , ≤ 22.12
(custom)
Unaffected: 22.02.P01.11-R Unaffected: 22.08.P01.1-R Unaffected: 22.12.P01.2.1-R |
|
| Blue Planet | Unified Assurance and Analytics (UAA) |
Affected:
early versions , ≤ 22.12
(custom)
Unaffected: 22.02 MR5 Unaffected: 22.12 MR2 |
|
| blueplanet | orchestration |
Affected:
0 , ≤ 22.12
(custom)
Unaffected: 22.02.03 Unaffected: 22.08.05 Unaffected: 22.12.02 cpe:2.3:a:blueplanet:orchestration:*:*:*:*:*:*:*:* |
|
| blueplanet | route_optimization_and_analysis |
Affected:
0 , ≤ 22.12
(custom)
Unaffected: 22.02.p01.11-r Unaffected: 22.08.p01.1-r Unaffected: 22.12.p01.2.1-r cpe:2.3:a:blueplanet:route_optimization_and_analysis:*:*:*:*:*:*:*:* |
|
| blueplanet | inventory |
Affected:
0 , ≤ 22.12
(custom)
Unaffected: 21.10_mr11 Unaffected: 22.02_mr5 Unaffected: 22.08_mr4 cpe:2.3:a:blueplanet:inventory:*:*:*:*:*:*:*:* |
|
| blueplanet | unified_assurance_and_analytics |
Affected:
0 , ≤ 22.12
(custom)
Unaffected: 22.02_mr5 Unaffected: 22.12_mr2 cpe:2.3:a:blueplanet:unified_assurance_and_analytics:*:*:*:*:*:*:*:* |
Date Public
2024-03-04 17:07
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ciena.com/product-security"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:blueplanet:orchestration:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "orchestration",
"vendor": "blueplanet",
"versions": [
{
"lessThanOrEqual": "22.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.02.03"
},
{
"status": "unaffected",
"version": "22.08.05"
},
{
"status": "unaffected",
"version": "22.12.02"
}
]
},
{
"cpes": [
"cpe:2.3:a:blueplanet:route_optimization_and_analysis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "route_optimization_and_analysis",
"vendor": "blueplanet",
"versions": [
{
"lessThanOrEqual": "22.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.02.p01.11-r"
},
{
"status": "unaffected",
"version": "22.08.p01.1-r"
},
{
"status": "unaffected",
"version": "22.12.p01.2.1-r"
}
]
},
{
"cpes": [
"cpe:2.3:a:blueplanet:inventory:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "inventory",
"vendor": "blueplanet",
"versions": [
{
"lessThanOrEqual": "22.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "21.10_mr11"
},
{
"status": "unaffected",
"version": "22.02_mr5"
},
{
"status": "unaffected",
"version": "22.08_mr4"
}
]
},
{
"cpes": [
"cpe:2.3:a:blueplanet:unified_assurance_and_analytics:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "unified_assurance_and_analytics",
"vendor": "blueplanet",
"versions": [
{
"lessThanOrEqual": "22.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.02_mr5"
},
{
"status": "unaffected",
"version": "22.12_mr2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T16:53:33.497826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:10:16.253Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Inventory (BPI)",
"vendor": "Blue Planet",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 21.10 MR11"
},
{
"status": "unaffected",
"version": " 22.02 MR5"
},
{
"status": "unaffected",
"version": " 22.08 MR4"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Orchestration (BPO)",
"vendor": "Blue Planet",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 22.02.03"
},
{
"status": "unaffected",
"version": " 22.08.05"
},
{
"status": "unaffected",
"version": " 22.12.02"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Route Optimization and Analysis (ROA)",
"vendor": "Blue Planet",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 22.02.P01.11-R"
},
{
"status": "unaffected",
"version": " 22.08.P01.1-R"
},
{
"status": "unaffected",
"version": " 22.12.P01.2.1-R"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Unified Assurance and Analytics (UAA) ",
"vendor": "Blue Planet",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 22.02 MR5"
},
{
"status": "unaffected",
"version": " 22.12 MR2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Discovered by Prerit Chandok at Comcast"
}
],
"datePublic": "2024-03-04T17:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\u003cbr\u003e\u003cbr\u003eBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\u003cbr\u003e\u003c/p\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\nIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T16:34:59.282Z",
"orgId": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb",
"shortName": "Ciena"
},
"references": [
{
"url": "https://www.ciena.com/product-security"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nSoftware patch to be applied\u003cbr\u003e"
}
],
"value": "\nSoftware patch to be applied\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SAML implementation allows privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb",
"assignerShortName": "Ciena",
"cveId": "CVE-2024-2005",
"datePublished": "2024-03-05T18:54:00.839Z",
"dateReserved": "2024-02-29T11:16:19.384Z",
"dateUpdated": "2024-08-29T17:10:16.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2005 (GCVE-0-2024-2005)
Vulnerability from nvd – Published: 2024-03-05 18:54 – Updated: 2024-08-29 17:10
VLAI
Title
SAML implementation allows privilege escalation
Summary
In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.
Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Blue Planet | Inventory (BPI) |
Affected:
early versions , ≤ 22.12
(custom)
Unaffected: 21.10 MR11 Unaffected: 22.02 MR5 Unaffected: 22.08 MR4 |
|
| Blue Planet | Orchestration (BPO) |
Affected:
early versions , ≤ 22.12
(custom)
Unaffected: 22.02.03 Unaffected: 22.08.05 Unaffected: 22.12.02 |
|
| Blue Planet | Route Optimization and Analysis (ROA) |
Affected:
early versions , ≤ 22.12
(custom)
Unaffected: 22.02.P01.11-R Unaffected: 22.08.P01.1-R Unaffected: 22.12.P01.2.1-R |
|
| Blue Planet | Unified Assurance and Analytics (UAA) |
Affected:
early versions , ≤ 22.12
(custom)
Unaffected: 22.02 MR5 Unaffected: 22.12 MR2 |
|
| blueplanet | orchestration |
Affected:
0 , ≤ 22.12
(custom)
Unaffected: 22.02.03 Unaffected: 22.08.05 Unaffected: 22.12.02 cpe:2.3:a:blueplanet:orchestration:*:*:*:*:*:*:*:* |
|
| blueplanet | route_optimization_and_analysis |
Affected:
0 , ≤ 22.12
(custom)
Unaffected: 22.02.p01.11-r Unaffected: 22.08.p01.1-r Unaffected: 22.12.p01.2.1-r cpe:2.3:a:blueplanet:route_optimization_and_analysis:*:*:*:*:*:*:*:* |
|
| blueplanet | inventory |
Affected:
0 , ≤ 22.12
(custom)
Unaffected: 21.10_mr11 Unaffected: 22.02_mr5 Unaffected: 22.08_mr4 cpe:2.3:a:blueplanet:inventory:*:*:*:*:*:*:*:* |
|
| blueplanet | unified_assurance_and_analytics |
Affected:
0 , ≤ 22.12
(custom)
Unaffected: 22.02_mr5 Unaffected: 22.12_mr2 cpe:2.3:a:blueplanet:unified_assurance_and_analytics:*:*:*:*:*:*:*:* |
Date Public
2024-03-04 17:07
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ciena.com/product-security"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:blueplanet:orchestration:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "orchestration",
"vendor": "blueplanet",
"versions": [
{
"lessThanOrEqual": "22.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.02.03"
},
{
"status": "unaffected",
"version": "22.08.05"
},
{
"status": "unaffected",
"version": "22.12.02"
}
]
},
{
"cpes": [
"cpe:2.3:a:blueplanet:route_optimization_and_analysis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "route_optimization_and_analysis",
"vendor": "blueplanet",
"versions": [
{
"lessThanOrEqual": "22.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.02.p01.11-r"
},
{
"status": "unaffected",
"version": "22.08.p01.1-r"
},
{
"status": "unaffected",
"version": "22.12.p01.2.1-r"
}
]
},
{
"cpes": [
"cpe:2.3:a:blueplanet:inventory:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "inventory",
"vendor": "blueplanet",
"versions": [
{
"lessThanOrEqual": "22.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "21.10_mr11"
},
{
"status": "unaffected",
"version": "22.02_mr5"
},
{
"status": "unaffected",
"version": "22.08_mr4"
}
]
},
{
"cpes": [
"cpe:2.3:a:blueplanet:unified_assurance_and_analytics:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "unified_assurance_and_analytics",
"vendor": "blueplanet",
"versions": [
{
"lessThanOrEqual": "22.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.02_mr5"
},
{
"status": "unaffected",
"version": "22.12_mr2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T16:53:33.497826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:10:16.253Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Inventory (BPI)",
"vendor": "Blue Planet",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 21.10 MR11"
},
{
"status": "unaffected",
"version": " 22.02 MR5"
},
{
"status": "unaffected",
"version": " 22.08 MR4"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Orchestration (BPO)",
"vendor": "Blue Planet",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 22.02.03"
},
{
"status": "unaffected",
"version": " 22.08.05"
},
{
"status": "unaffected",
"version": " 22.12.02"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Route Optimization and Analysis (ROA)",
"vendor": "Blue Planet",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 22.02.P01.11-R"
},
{
"status": "unaffected",
"version": " 22.08.P01.1-R"
},
{
"status": "unaffected",
"version": " 22.12.P01.2.1-R"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Unified Assurance and Analytics (UAA) ",
"vendor": "Blue Planet",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 22.02 MR5"
},
{
"status": "unaffected",
"version": " 22.12 MR2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Discovered by Prerit Chandok at Comcast"
}
],
"datePublic": "2024-03-04T17:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\u003cbr\u003e\u003cbr\u003eBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\u003cbr\u003e\u003c/p\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\nIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T16:34:59.282Z",
"orgId": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb",
"shortName": "Ciena"
},
"references": [
{
"url": "https://www.ciena.com/product-security"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nSoftware patch to be applied\u003cbr\u003e"
}
],
"value": "\nSoftware patch to be applied\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SAML implementation allows privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb",
"assignerShortName": "Ciena",
"cveId": "CVE-2024-2005",
"datePublished": "2024-03-05T18:54:00.839Z",
"dateReserved": "2024-02-29T11:16:19.384Z",
"dateUpdated": "2024-08-29T17:10:16.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}