CVE-2016-5085

EPSS 3.2%
Veröffentlicht 05.10.2016 10:59:11
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Animas ≫ Onetouch Ping Firmware Version-

Animas ≫ Onetouch Ping Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.2%	0.858

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:C/A:N

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://www.kb.cert.org/vuls/id/884840

Third Party Advisory

US Government Resource

http://www.kb.cert.org/vuls/id/BLUU-A9SQRS

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/93351

https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump

Third Party Advisory

Mitigation

Technical Description

https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01

https://nvd.nist.gov/vuln/detail/CVE-2016-5085

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5085

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5085

EUVD