CVE-2024-2005 - Vulnerability Details - OpenCVE

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ciena	Blue Planet Inventory

Configuration 1 [-]

cpe:2.3:a:ciena:blue_planet_inventory:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.ciena.com/product-security

History

Thu, 13 Nov 2025 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ciena Ciena blue Planet Inventory
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:ciena:blue_planet_inventory::::::::
Vendors & Products		Ciena Ciena blue Planet Inventory

MITRE

Status: PUBLISHED

Assigner: Ciena

Published: 2024-03-05T18:54:00.839Z

Updated: 2024-08-29T17:10:16.253Z

Reserved: 2024-02-29T11:16:19.384Z

Link: CVE-2024-2005

Vulnrichment

Updated: 2024-08-01T18:56:22.708Z

NVD

Status : Analyzed

Published: 2024-03-06T12:15:45.827

Modified: 2025-11-13T16:42:15.917

Link: CVE-2024-2005

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2005", "assignerOrgId": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb", "state": "PUBLISHED", "assignerShortName": "Ciena", "dateReserved": "2024-02-29T11:16:19.384Z", "datePublished": "2024-03-05T18:54:00.839Z", "dateUpdated": "2024-08-29T17:10:16.253Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Inventory (BPI)", "vendor": "Blue Planet", "versions": [{"lessThanOrEqual": " 22.12", "status": "affected", "version": " early versions ", "versionType": "custom"}, {"status": "unaffected", "version": " 21.10 MR11"}, {"status": "unaffected", "version": " 22.02 MR5"}, {"status": "unaffected", "version": " 22.08 MR4"}]}, {"defaultStatus": "unaffected", "product": "Orchestration (BPO)", "vendor": "Blue Planet", "versions": [{"lessThanOrEqual": " 22.12", "status": "affected", "version": " early versions ", "versionType": "custom"}, {"status": "unaffected", "version": " 22.02.03"}, {"status": "unaffected", "version": " 22.08.05"}, {"status": "unaffected", "version": " 22.12.02"}]}, {"defaultStatus": "unaffected", "product": "Route Optimization and Analysis (ROA)", "vendor": "Blue Planet", "versions": [{"lessThanOrEqual": " 22.12", "status": "affected", "version": " early versions ", "versionType": "custom"}, {"status": "unaffected", "version": " 22.02.P01.11-R"}, {"status": "unaffected", "version": " 22.08.P01.1-R"}, {"status": "unaffected", "version": " 22.12.P01.2.1-R"}]}, {"defaultStatus": "unaffected", "product": "Unified Assurance and Analytics (UAA) ", "vendor": "Blue Planet", "versions": [{"lessThanOrEqual": " 22.12", "status": "affected", "version": " early versions ", "versionType": "custom"}, {"status": "unaffected", "version": " 22.02 MR5"}, {"status": "unaffected", "version": " 22.12 MR2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Discovered by Prerit Chandok at Comcast"}], "datePublic": "2024-03-04T17:07:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\n</p><p>In Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.<br><br>Blue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.<br></p>\n\n<br><p></p>\n\n\n\n\n\n"}], "value": "\nIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb", "shortName": "Ciena", "dateUpdated": "2024-04-03T16:34:59.282Z"}, "references": [{"url": "https://www.ciena.com/product-security"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nSoftware patch to be applied<br>"}], "value": "\nSoftware patch to be applied\n"}], "source": {"discovery": "UNKNOWN"}, "title": "SAML implementation allows privilege escalation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.708Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ciena.com/product-security", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "blueplanet", "product": "orchestration", "cpes": ["cpe:2.3:a:blueplanet:orchestration:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "22.12", "versionType": "custom"}, {"version": "22.02.03", "status": "unaffected"}, {"version": "22.08.05", "status": "unaffected"}, {"version": "22.12.02", "status": "unaffected"}]}, {"vendor": "blueplanet", "product": "route_optimization_and_analysis", "cpes": ["cpe:2.3:a:blueplanet:route_optimization_and_analysis:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "22.12", "versionType": "custom"}, {"version": "22.02.p01.11-r", "status": "unaffected"}, {"version": "22.08.p01.1-r", "status": "unaffected"}, {"version": "22.12.p01.2.1-r", "status": "unaffected"}]}, {"vendor": "blueplanet", "product": "inventory", "cpes": ["cpe:2.3:a:blueplanet:inventory:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "22.12", "versionType": "custom"}, {"version": "21.10_mr11", "status": "unaffected"}, {"version": "22.02_mr5", "status": "unaffected"}, {"version": "22.08_mr4", "status": "unaffected"}]}, {"vendor": "blueplanet", "product": "unified_assurance_and_analytics", "cpes": ["cpe:2.3:a:blueplanet:unified_assurance_and_analytics:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "22.12", "versionType": "custom"}, {"version": "22.02_mr5", "status": "unaffected"}, {"version": "22.12_mr2", "status": "unaffected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-29T16:53:33.497826Z", "id": "CVE-2024-2005", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T17:10:16.253Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ciena.com/product-security", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.708Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2005", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-29T16:53:33.497826Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:blueplanet:orchestration:*:*:*:*:*:*:*:*"], "vendor": "blueplanet", "product": "orchestration", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "22.12"}, {"status": "unaffected", "version": "22.02.03"}, {"status": "unaffected", "version": "22.08.05"}, {"status": "unaffected", "version": "22.12.02"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:blueplanet:route_optimization_and_analysis:*:*:*:*:*:*:*:*"], "vendor": "blueplanet", "product": "route_optimization_and_analysis", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "22.12"}, {"status": "unaffected", "version": "22.02.p01.11-r"}, {"status": "unaffected", "version": "22.08.p01.1-r"}, {"status": "unaffected", "version": "22.12.p01.2.1-r"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:blueplanet:inventory:*:*:*:*:*:*:*:*"], "vendor": "blueplanet", "product": "inventory", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "22.12"}, {"status": "unaffected", "version": "21.10_mr11"}, {"status": "unaffected", "version": "22.02_mr5"}, {"status": "unaffected", "version": "22.08_mr4"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:blueplanet:unified_assurance_and_analytics:*:*:*:*:*:*:*:*"], "vendor": "blueplanet", "product": "unified_assurance_and_analytics", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "22.12"}, {"status": "unaffected", "version": "22.02_mr5"}, {"status": "unaffected", "version": "22.12_mr2"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T17:09:28.206Z"}}], "cna": {"title": "SAML implementation allows privilege escalation", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Discovered by Prerit Chandok at Comcast"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Blue Planet", "product": "Inventory (BPI)", "versions": [{"status": "affected", "version": " early versions ", "versionType": "custom", "lessThanOrEqual": " 22.12"}, {"status": "unaffected", "version": " 21.10 MR11"}, {"status": "unaffected", "version": " 22.02 MR5"}, {"status": "unaffected", "version": " 22.08 MR4"}], "defaultStatus": "unaffected"}, {"vendor": "Blue Planet", "product": "Orchestration (BPO)", "versions": [{"status": "affected", "version": " early versions ", "versionType": "custom", "lessThanOrEqual": " 22.12"}, {"status": "unaffected", "version": " 22.02.03"}, {"status": "unaffected", "version": " 22.08.05"}, {"status": "unaffected", "version": " 22.12.02"}], "defaultStatus": "unaffected"}, {"vendor": "Blue Planet", "product": "Route Optimization and Analysis (ROA)", "versions": [{"status": "affected", "version": " early versions ", "versionType": "custom", "lessThanOrEqual": " 22.12"}, {"status": "unaffected", "version": " 22.02.P01.11-R"}, {"status": "unaffected", "version": " 22.08.P01.1-R"}, {"status": "unaffected", "version": " 22.12.P01.2.1-R"}], "defaultStatus": "unaffected"}, {"vendor": "Blue Planet", "product": "Unified Assurance and Analytics (UAA) ", "versions": [{"status": "affected", "version": " early versions ", "versionType": "custom", "lessThanOrEqual": " 22.12"}, {"status": "unaffected", "version": " 22.02 MR5"}, {"status": "unaffected", "version": " 22.12 MR2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nSoftware patch to be applied\n", "supportingMedia": [{"type": "text/html", "value": "\n\nSoftware patch to be applied<br>", "base64": false}]}], "datePublic": "2024-03-04T17:07:00.000Z", "references": [{"url": "https://www.ciena.com/product-security"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>\n\n</p><p>In Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.<br><br>Blue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.<br></p>\n\n<br><p></p>\n\n\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb", "shortName": "Ciena", "dateUpdated": "2024-04-03T16:34:59.282Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2005", "state": "PUBLISHED", "dateUpdated": "2024-08-29T17:10:16.253Z", "dateReserved": "2024-02-29T11:16:19.384Z", "assignerOrgId": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb", "datePublished": "2024-03-05T18:54:00.839Z", "assignerShortName": "Ciena"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ciena:blue_planet_inventory:*:*:*:*:*:*:*:*", "matchCriteriaId": "1185C6C2-F148-4909-8BA1-63E511A46851", "versionEndIncluding": "22.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n"}, {"lang": "es", "value": "En los productos Blue Planet\u00ae hasta la versi\u00f3n 22.12, una mala configuraci\u00f3n en la implementaci\u00f3n de SAML permite la escalada de privilegios. S\u00f3lo se ven afectados los productos que utilizan autenticaci\u00f3n SAML. Blue Planet\u00ae ha lanzado actualizaciones de software que abordan esta vulnerabilidad para los productos afectados. Se recomienda a los clientes que actualicen sus productos Blue Planet a la \u00faltima versi\u00f3n del software lo antes posible. Las actualizaciones de software se pueden descargar desde el Portal de soporte de Ciena."}], "id": "CVE-2024-2005", "lastModified": "2025-11-13T16:42:15.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-06T12:15:45.827", "references": [{"source": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb", "tags": ["Not Applicable"], "url": "https://www.ciena.com/product-security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://www.ciena.com/product-security"}], "sourceIdentifier": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}