CVE-2024-2005

9.0 CRITICAL
Published: March 06, 2024 Modified: November 13, 2025
View on NVD

Description

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://www.ciena.com/product-security
Source: 7bd90cf1-1651-495e-9ae8-9415fb3c9feb
Not Applicable
https://www.ciena.com/product-security
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.0 / 10.0
EPSS (Exploit Probability)
0.1%
23th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-269

Affected Vendors

ciena

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3