Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Default creds are reachable network-side with no prior auth (AV:N/AC:L/PR:N), but the accounts are stated to have very limited permissions, so standalone impact is low (C:L/I:L/A:N); higher impact needs a separate chained flaw.
Primary rating from Vendor (7bd90cf1-1651-495e-9ae8-9415fb3c9feb).
CVSS VectorVendor: 7bd90cf1-1651-495e-9ae8-9415fb3c9feb
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
In Ciena's Navigator Network Control Suite (NCS) and Manage Control Plan (MCP), there are hidden system accounts used for internal software operations. Some of these accounts have default passwords that may be predictable. While these accounts have very limited permissions on their own, an attacker could combine an attack using one of these accounts with other potential weaknesses to launch a more significant attack, possibly leading to escalation of privilege on the system.
AnalysisAI
Predictable default credentials in Ciena's Navigator Network Control Suite (NCS), Manage Control Plane (MCP), and Planner Plus OnPrem expose hidden system accounts used for internal software operations to remote attackers. These accounts carry limited permissions in isolation, but their known default passwords give an attacker a foothold that can be chained with other weaknesses to escalate privilege on the management system. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The concrete prerequisite is network reachability to the Ciena NCS, MCP, or Planner Plus OnPrem management/control-plane interface plus knowledge of the predictable default password for one of the product's built-in hidden system accounts - the vulnerability exists only because these accounts ship with static default credentials. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals here conflict sharply and warrant scrutiny. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the NCS/MCP management interface over the network authenticates to one of the hidden system accounts using its predictable default password, obtaining a low-privilege but authenticated presence on the management platform. From there the attacker pivots by combining this foothold with a separate flaw (e.g., a local privilege-escalation or misconfiguration) to gain elevated control of the network management system. … |
| Remediation | No exact fixed version was provided in the available data, so no vendor-released patch version can be independently confirmed at time of analysis; the affected-version upper bounds (Planner Plus OnPrem ≤ 4.1, MCP ≤ 8.0) imply remediated releases exist above those, but this must be confirmed directly with Ciena via the product security portal (https://www.ciena.com/product-security). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all instances of Ciena Navigator NCS, MCP, and Planner Plus OnPrem across your infrastructure; document current versions and active system accounts. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-1393 – Use of Default Password
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44574
GHSA-6jrj-gphg-p8mj