var-201610-0162
Vulnerability from variot
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. In addition, JVNVU#95089754 Then CWE-294 It is published as https://cwe.mitre.org/data/definitions/294.htmlReflex attack by a third party ( Replay attack ) Authentication may be bypassed. Animas OneTouch Ping is prone to the following security vulnerabilities: 1. An information-disclosure vulnerability 2. Multiple security-bypass vulnerabilities 3. A Spoofing vulnerability An attacker can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible. Animas OneTouch Ping is a medical self-service device for diabetic patients taking insulin from Animas Company of the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "onetouch ping",
"scope": null,
"trust": 1.6,
"vendor": "animas",
"version": null
},
{
"model": "onetouch ping",
"scope": "eq",
"trust": 1.6,
"vendor": "animas",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "johnson johnson",
"version": null
},
{
"model": "onetouch ping",
"scope": "eq",
"trust": 0.3,
"vendor": "animas",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:animas:onetouch_ping",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:animas:onetouch_ping_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tod Beardsley of Rapid7.",
"sources": [
{
"db": "BID",
"id": "93351"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5086",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-5086",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-93905",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5086",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5086",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5086",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-005",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93905",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93905"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Johnson \u0026 Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. In addition, JVNVU#95089754 Then CWE-294 It is published as https://cwe.mitre.org/data/definitions/294.htmlReflex attack by a third party ( Replay attack ) Authentication may be bypassed. Animas OneTouch Ping is prone to the following security vulnerabilities:\n1. An information-disclosure vulnerability\n2. Multiple security-bypass vulnerabilities\n3. A Spoofing vulnerability\nAn attacker can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible. Animas OneTouch Ping is a medical self-service device for diabetic patients taking insulin from Animas Company of the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5086"
},
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "VULHUB",
"id": "VHN-93905"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#884840",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-5086",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-16-279-01",
"trust": 2.2
},
{
"db": "BID",
"id": "93351",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU95089754",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "34993",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93905",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "VULHUB",
"id": "VHN-93905"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
}
]
},
"id": "VAR-201610-0162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93905"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:54:27.023000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OneTouch Ping Glucose Management System",
"trust": 0.8,
"url": "https://www.animas.com/diabetes-insulin-pump-and-bloog-glucose-meter/onetouch-ping-blood-glucose-monitor"
},
{
"title": "Important Information about the cybersecurity of your OneTouch Ping Insulin Infusion Pump",
"trust": 0.8,
"url": "https://www.animas.com/sites/default/files/pdf/FINAL%20Letter%20to%20patients%20regarding%20OTP_10.04.16.16_WEB%20VERSION.PDF"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93905"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/884840"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-16-279-01"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/bluu-a9sqrs"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/93351"
},
{
"trust": 0.8,
"url": "https://www.animas.com/our-pumps/one-touch-ping"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5086"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95089754/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5086"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/34993"
},
{
"trust": 0.3,
"url": "https://www.animas.com/diabetes-insulin-pump-and-bloog-glucose-meter/onetouch-ping-blood-glucose-monitor"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "VULHUB",
"id": "VHN-93905"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "VULHUB",
"id": "VHN-93905"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-04T00:00:00",
"db": "CERT/CC",
"id": "VU#884840"
},
{
"date": "2016-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-93905"
},
{
"date": "2016-10-04T00:00:00",
"db": "BID",
"id": "93351"
},
{
"date": "2016-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"date": "2016-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-005"
},
{
"date": "2016-10-05T10:59:12.923000",
"db": "NVD",
"id": "CVE-2016-5086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#884840"
},
{
"date": "2016-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-93905"
},
{
"date": "2016-10-10T05:02:00",
"db": "BID",
"id": "93351"
},
{
"date": "2016-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"date": "2016-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-005"
},
{
"date": "2024-11-21T02:53:36.177000",
"db": "NVD",
"id": "CVE-2016-5086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Animas OneTouch Ping insulin pump contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…