Vulnerability Details CVE-2020-27272
SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.4%
CVSS Severity
CVSS v3 Score 5.7
CVSS v2 Score 2.9
References
Products affected by CVE-2020-27272
-
cpe:2.3:h:sooil:anydana-a:-
-
cpe:2.3:h:sooil:anydana-i:-
-
cpe:2.3:h:sooil:diabecare_rs:-
-
cpe:2.3:o:sooil:anydana-a_firmware:*
-
cpe:2.3:o:sooil:anydana-i_firmware:*
-
cpe:2.3:o:sooil:diabecare_rs_firmware:*