CVE-2016-5085

Опубликовано: 05 окт. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.

Ссылки

http://www.kb.cert.org/vuls/id/884840
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/93351
https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
Mitigation
Technical Description
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01
http://www.kb.cert.org/vuls/id/884840
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/93351
https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
Mitigation
Technical Description
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:animas:onetouch_ping_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:animas:onetouch_ping:-:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.032

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-330

Связанные уязвимости

GHSA-vgh3-qfvh-cw6q