Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/884840 | Third Party Advisory US Government Resource |
http://www.kb.cert.org/vuls/id/BLUU-A9SQRS | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/93351 | |
https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump | Mitigation Technical Description Third Party Advisory |
https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2016-10-05T10:00:00
Updated: 2016-12-22T21:57:01
Reserved: 2016-05-26T00:00:00
Link: CVE-2016-5085
JSON object: View
NVD Information
Status : Modified
Published: 2016-10-05T10:59:11.643
Modified: 2016-12-24T02:59:41.293
Link: CVE-2016-5085
JSON object: View
Redhat Information
No data.
CWE