CVE-2020-27272
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/01/2021
Last modified:
21/07/2021
Description
SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.
Impact
Base Score 3.x
5.70
Severity 3.x
MEDIUM
Base Score 2.0
2.90
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:sooil:anydana-a_firmware:*:*:*:*:*:*:*:* | 3.0 (excluding) | |
cpe:2.3:h:sooil:anydana-a:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:sooil:anydana-i_firmware:*:*:*:*:*:*:*:* | 3.0 (excluding) | |
cpe:2.3:h:sooil:anydana-i:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:sooil:diabecare_rs_firmware:*:*:*:*:*:*:*:* | 3.0 (excluding) | |
cpe:2.3:h:sooil:diabecare_rs:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page