CVE-2016-5085

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:animas:onetouch_ping_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:animas:onetouch_ping:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:53

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/884840 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/884840 - Third Party Advisory, US Government Resource
References () http://www.kb.cert.org/vuls/id/BLUU-A9SQRS - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/BLUU-A9SQRS - Third Party Advisory, US Government Resource
References () http://www.securityfocus.com/bid/93351 - () http://www.securityfocus.com/bid/93351 -
References () https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump - Mitigation, Technical Description, Third Party Advisory () https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump - Mitigation, Technical Description, Third Party Advisory
References () https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01 - () https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01 -

Information

Published : 2016-10-05 10:59

Updated : 2024-11-21 02:53


NVD link : CVE-2016-5085

Mitre link : CVE-2016-5085

CVE.ORG link : CVE-2016-5085


JSON object : View

Products Affected

animas

  • onetouch_ping_firmware
  • onetouch_ping
CWE
CWE-330

Use of Insufficiently Random Values