CVE-2020-27276

SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01 Third Party Advisory US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sooil:anydana-a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sooil:anydana-a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sooil:anydana-i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sooil:anydana-i:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sooil:diabecare_rs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sooil:diabecare_rs:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:20

Type Values Removed Values Added
References () https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01 - Third Party Advisory, US Government Resource

Information

Published : 2021-01-19 17:15

Updated : 2024-11-21 05:20


NVD link : CVE-2020-27276

Mitre link : CVE-2020-27276

CVE.ORG link : CVE-2020-27276


JSON object : View

Products Affected

sooil

  • anydana-i
  • anydana-i_firmware
  • diabecare_rs
  • anydana-a_firmware
  • diabecare_rs_firmware
  • anydana-a
CWE
CWE-290

Authentication Bypass by Spoofing