CVE-2016-5085
HIGH
Johnson & Johnson Animas OneTouch Ping - Info Disclosure
Title source: llm
Description
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.
References (5)
Core 5
Core References
Mitigation, Technical Description, Third Party Advisory x_refsource_misc
https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
Third Party Advisory, US Government Resource x_refsource_misc
http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
Various Sources x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/884840
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93351
Scores
CVSS v3
7.5
EPSS
0.0386
EPSS Percentile
88.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-330
Status
published
Products (1)
animas/onetouch_ping_firmware
Published
Oct 05, 2016
Tracked Since
Feb 18, 2026