CVE-2020-27272

Summary

SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.

Affected Software

VendorProductVersion RangeStatus
n/aSOOIL Developments CoLtd DiabecareRS,AnyDana-i,AnyDana-ADana Diabecare RS,AnyDana-i,AnyDana-A versions prior to 3.0affected

Weaknesses

  • KEY EXCHANGE WITHOUT ENTITY AUTHENTICATION CWE322

ADP Enrichment

CVE Program Container

Additional References

References