CVE-2016-5686

CRITICAL

Johnson & Johnson Animas OneTouch Ping - Auth Bypass

Title source: llm

Description

Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol.

References (4)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/884840

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/BLUU-A9SQRS

[Mitigation, Technical Description, Third Party Advisory] https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93351

Scores

CVSS v3 9.8

EPSS 0.0301

EPSS Percentile 86.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status draft

Affected Products (1)

animas/onetouch_ping_firmware

Timeline

Published Oct 05, 2016

Tracked Since Feb 18, 2026