How severe is CVE-2016-8375?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2016-8375?

This is classified as CWE-255, which is a common weakness in software security.

CVE-2016-8375 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection.

Related Vulnerabilities

CVE-2015-8945

MEDIUM

CVSS:5.1(Medium)

openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive priv...

CWE-2552015

CVE-2016-3685

MEDIUM

CVSS:4.7(Medium)

SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration infor...

CWE-2552016

CVE-2015-4400

MEDIUM

CVSS:4.6(Medium)

Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainS...

CWE-2552015

CVE-2016-10791

MEDIUM

CVSS:5.3(Medium)

cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).

CWE-2552016

CVE-2016-2282

MEDIUM

CVSS:5.3(Medium)

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext ...

CWE-2552016

CVE-2016-2283

MEDIUM

CVSS:5.3(Medium)

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via uns...

CWE-2552016