Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A single crafted HTTP request over the network with no auth or interaction (AV:N/AC:L/PR:N/UI:N) yields full management access, so C:H/I:H/A:H.
Primary rating from Vendor (7bd90cf1-1651-495e-9ae8-9415fb3c9feb).
CVSS VectorVendor: 7bd90cf1-1651-495e-9ae8-9415fb3c9feb
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite (NCS), Manage Control Plan (MCP), and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate requests in a manner that bypasses authentication and associated audit logging controls.
AnalysisAI
Authentication bypass in Ciena Navigator Network Control Suite (NCS 8.1), Manage Control Plane (MCP ≤ 8.0), and Blue Planet components (Inventory, Orchestration, Route Optimization & Analysis, Unified Assurance & Analytics, Planner Plus) allows an unauthenticated network attacker to manipulate HTTP request paths and headers to reach protected functionality while also evading audit logging. Rated CVSS 9.8 with a fully remote, low-complexity, no-interaction vector, this flaw hands attackers administrative-level access to carrier-grade network control and orchestration platforms. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the HTTP(S) management interface of an affected Ciena product (Navigator NCS 8.1, MCP ≤ 8.0, or a listed Blue Planet module version) and the ability to send crafted requests with manipulated URL paths and/or HTTP headers; per CVSS AV:N/AC:L/PR:N/UI:N no authentication, user interaction, or special client is needed against affected versions. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All static signals point to genuine high priority: the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, C:H/I:H/A:H) means remote, unauthenticated, single-request exploitation with total confidentiality, integrity, and availability impact, consistent with the 9.8 base score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the Navigator NCS, MCP, or Blue Planet web interface sends a single crafted HTTP request with manipulated path segments and/or headers that the authentication layer fails to associate with a protected endpoint, gaining access to privileged management functions without credentials. Because the same manipulation evades audit logging, the attacker can enumerate topology, alter network service orchestration, or disrupt managed transport/optical services while leaving little trace. … |
| Remediation | Patch available per vendor advisory: consult Ciena's Product Security portal (https://www.ciena.com/product-security) for the fixed releases - the EUVD version ranges use '≤' notation, indicating remediation is delivered in releases above each listed threshold (e.g., MCP above 8.0, Navigator NCS above 8.1, and the corresponding higher Blue Planet Inventory/Orchestration/ROA/UAA/Planner Plus builds); apply the vendor-supplied upgrade for your specific module and train. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all affected Ciena Navigator NCS 8.1, MCP ≤8.0, and Blue Planet implementations and immediately restrict network access to management interfaces using firewall rules and network segmentation to trusted networks only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44573
GHSA-rp4h-q5qj-wrcr