Vulnerability Details : CVE-2016-5085
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.
Products affected by CVE-2016-5085
- cpe:2.3:o:animas:onetouch_ping_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5085
- 0.63%: Probability of exploitation activity in the next 30 days
- ~ 76 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5085
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:C/A:N | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-5085
- The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5085
- http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
  VU#884840 - Animas OneTouch Ping insulin pump contains multiple vulnerabilities (Third Party Advisory; US Government Resource)
- https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01
  Animas OneTouch Ping Insulin Pump Vulnerabilities | CISA
- https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
  R7-2016-07: Multiple Vulnerabilities in Animas OneTouch Ping Insulin Pump (Mitigation; Technical Description; Third Party Advisory)
- http://www.kb.cert.org/vuls/id/884840
  VU#884840 - Animas OneTouch Ping insulin pump contains multiple vulnerabilities (Third Party Advisory; US Government Resource)
- http://www.securityfocus.com/bid/93351
  Animas OneTouch Ping Multiple Security Vulnerabilities