CVE-2016-5686

moderate-risk
Published 2016-10-05

Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol.

Do I need to act?

~
3.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Onetouch Ping Firmware

Affected Vendors

Animas

References (8)

Third Party Advisory http://www.kb.cert.org/vuls/id/884840
Third Party Advisory http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
http://www.securityfocus.com/bid/93351
Mitigation https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multip...
Third Party Advisory http://www.kb.cert.org/vuls/id/884840
Third Party Advisory http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
http://www.securityfocus.com/bid/93351
Mitigation https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multip...
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal