How severe is CVE-2016-9355?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2016-9355?

This is classified as CWE-255, which is a common weakness in software security.

CVE-2016-9355 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience.

Related Vulnerabilities

CVE-2016-10791

MEDIUM

CVSS:5.3(Medium)

cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).

CWE-2552016

CVE-2016-2282

MEDIUM

CVSS:5.3(Medium)

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext ...

CWE-2552016

CVE-2016-2283

MEDIUM

CVSS:5.3(Medium)

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via uns...

CWE-2552016

CVE-2016-5890

MEDIUM

CVSS:5.3(Medium)

IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors.

CWE-2552016

CVE-2016-1307

MEDIUM

CVSS:5.4(Medium)

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an ...

CWE-2552016

CVE-2015-8945

MEDIUM

CVSS:5.1(Medium)

openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive priv...

CWE-2552015