CVE-2016-5085

EPSS 3.2%
Published 05.10.2016 10:59:11
Last modified 12.04.2025 10:46:40
Source cret@cert.org
Teams watchlist Login
Open Login

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Animas ≫ Onetouch Ping Firmware Version-

Animas ≫ Onetouch Ping Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.2%	0.858

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:C/A:N

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://www.kb.cert.org/vuls/id/884840

Third Party Advisory

US Government Resource

http://www.kb.cert.org/vuls/id/BLUU-A9SQRS

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/93351

https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump

Third Party Advisory

Mitigation

Technical Description

https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01

https://nvd.nist.gov/vuln/detail/CVE-2016-5085

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5085

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5085

EUVD