Vulnerability Details CVE-2016-5686
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 86.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 9.3
References
- http://www.kb.cert.org/vuls/id/884840
- http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
- http://www.securityfocus.com/bid/93351
- https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
- http://www.kb.cert.org/vuls/id/884840
- http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
- http://www.securityfocus.com/bid/93351
- https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
Products affected by CVE-2016-5686
-
cpe:2.3:h:animas:onetouch_ping:-
-
cpe:2.3:o:animas:onetouch_ping_firmware:-