PT-2021-11360 · Sooil Developments Co. · Anydana-I+2
Birk Kauer
+3
·
Published
2021-01-19
·
Updated
2021-01-23
·
CVE-2020-27276
CVSS v3.1
5.7
Medium
| Vector | AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
SOOIL Developments Co Ltd DiabecareRS, AnyDana-i & AnyDana-A (affected versions not specified)
Description:
The communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps does not use adequate measures to authenticate the communicating entities before exchanging keys. This allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Anydana-A
Anydana-I
Diabecare Rs