GSD-2024-2005
Vulnerability from gsd - Updated: 2024-03-01 06:03Details
Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-2005"
],
"details": "\n\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
"id": "GSD-2024-2005",
"modified": "2024-03-01T06:03:00.832903Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@ciena.com",
"ID": "CVE-2024-2005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inventory (BPI)",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 21.10 MR11"
},
{
"status": "unaffected",
"version": " 22.02 MR5"
},
{
"status": "unaffected",
"version": " 22.08 MR4"
}
]
}
}
]
}
},
{
"product_name": "Orchestration (BPO)",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 22.02.03"
},
{
"status": "unaffected",
"version": " 22.08.05"
},
{
"status": "unaffected",
"version": " 22.12.02"
}
]
}
}
]
}
},
{
"product_name": "Route Optimization and Analysis (ROA)",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 22.02.P01.11-R"
},
{
"status": "unaffected",
"version": " 22.08.P01.1-R"
},
{
"status": "unaffected",
"version": " 22.12.P01.2.1-R"
}
]
}
}
]
}
},
{
"product_name": "Unified Assurance and Analytics (UAA) ",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected",
"versions": [
{
"lessThanOrEqual": " 22.12",
"status": "affected",
"version": " early versions ",
"versionType": "custom"
},
{
"status": "unaffected",
"version": " 22.02 MR5"
},
{
"status": "unaffected",
"version": " 22.12 MR2"
}
]
}
}
]
}
}
]
},
"vendor_name": "Blue Planet"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Discovered by Prerit Chandok at Comcast"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-269",
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ciena.com/product-security",
"refsource": "MISC",
"url": "https://www.ciena.com/product-security"
}
]
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nSoftware patch to be applied\u003cbr\u003e"
}
],
"value": "\nSoftware patch to be applied\n"
}
],
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "\nIn Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.\n\nBlue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.\n\n"
},
{
"lang": "es",
"value": "En los productos Blue Planet\u00ae hasta la versi\u00f3n 22.12, una mala configuraci\u00f3n en la implementaci\u00f3n de SAML permite la escalada de privilegios. S\u00f3lo se ven afectados los productos que utilizan autenticaci\u00f3n SAML. Blue Planet\u00ae ha lanzado actualizaciones de software que abordan esta vulnerabilidad para los productos afectados. Se recomienda a los clientes que actualicen sus productos Blue Planet a la \u00faltima versi\u00f3n del software lo antes posible. Las actualizaciones de software se pueden descargar desde el Portal de soporte de Ciena."
}
],
"id": "CVE-2024-2005",
"lastModified": "2024-04-03T17:15:55.773",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb",
"type": "Secondary"
}
]
},
"published": "2024-03-06T12:15:45.827",
"references": [
{
"source": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb",
"url": "https://www.ciena.com/product-security"
}
],
"sourceIdentifier": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "7bd90cf1-1651-495e-9ae8-9415fb3c9feb",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…