CVE-2020-27276

Summary

SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.

Affected Software

VendorProductVersion RangeStatus
n/aSOOIL Developments CoLtd DiabecareRS,AnyDana-i,AnyDana-ADana DiabecareRS, AnyDana-i, AnyDana-A All versions prior to 3.0affected

Weaknesses

  • CWE-290: AUTHENTICATION BYPASS BY SPOOFING CWE-290

ADP Enrichment

CVE Program Container

Additional References

References