PT-2016-6236 · Johnson & Johnson · Animas Onetouch Ping

Jay Radcliffe

Publicado

2016-10-05

Atualizado

2016-12-24

CVE-2016-5085

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Johnson & Johnson Animas OneTouch Ping devices (affected versions not specified)

Description The issue concerns the generation of random numbers in the devices, making it easier for remote attackers to spoof meters. This can be achieved by sniffing the network and then engaging in an authentication handshake.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use of Insufficiently Random Values

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-330

Identificadores relacionados

CVE-2016-5085

Produtos afetados

Animas Onetouch Ping

PT-2016-6236 · Johnson & Johnson · Animas Onetouch Ping

CVE-2016-5085

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6