Security Advisories

At Ciena, the security of our products and services is a top priority. To facilitate responsible reporting of security vulnerabilities in our products and services, we have established this Notice of Vulnerability Disclosure Policy (VDP).

We are committed to providing secure and reliable solutions that meet the highest standards of quality and performance. We also care about the potential impact of security vulnerabilities on our customers and their end-users. With this goal in mind, our dedicated Product Security Incident Response Team (PSIRT) is responsible for responding to cyber incidents and vulnerability reports affecting Ciena’s products and services.

For more information about the following vulnerabilities, please visit the Ciena Support Portal.

Date: March 4, 2024

Title: SAML implementation allows privilege escalation (CVE-2024-2005)

Description
In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.

Product name(s): Blue Planet Inventory (BPI); Blue Planet Orchestration (BPO); Blue Planet Route Optimization and Analysis (ROA); Blue Planet Unified Assurance and Analytics (UAA).

Blue Planet has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

The issue is fixed in:

  • BPI: 21.10 MR11, 22.02 MR5, 22.08 MR4
  • BPO: 22.02.03, 22.08.05, 22.12.02
  • ROA: 22.02.P01.11-R, 22.08.P01.1-R, 22.12.P01.2.1-R
  • UAA: 22.02 MR5, 22.12 MR2