Lucene search

K
cveIcscertCVE-2020-27276
HistoryJan 19, 2021 - 5:15 p.m.

CVE-2020-27276

2021-01-1917:15:12
CWE-290
icscert
web.nvd.nist.gov
27
8
nvd
cve-2020-27276
sooil developments
diabecarers
anydana-i
anydana-a
authentication
bluetooth low energy

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

27.0%

SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn’t use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.

Affected configurations

Nvd
Node
sooilanydana-a_firmwareRange<3.0
AND
sooilanydana-aMatch-
Node
sooilanydana-i_firmwareRange<3.0
AND
sooilanydana-iMatch-
Node
sooildiabecare_rs_firmwareRange<3.0
AND
sooildiabecare_rsMatch-

CNA Affected

[
  {
    "product": "SOOIL Developments CoLtd DiabecareRS,AnyDana-i,AnyDana-A",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Dana DiabecareRS, AnyDana-i, AnyDana-A  All versions prior to 3.0"
      }
    ]
  }
]

Social References

More

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

27.0%

Related for CVE-2020-27276