CVE-2020-27272
N/A
N/A
Summary
SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | SOOIL Developments CoLtd DiabecareRS,AnyDana-i,AnyDana-A | Dana Diabecare RS,AnyDana-i,AnyDana-A versions prior to 3.0 | affected |
Weaknesses
- KEY EXCHANGE WITHOUT ENTITY AUTHENTICATION CWE322
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.