Authentication Bypass by Spoofing in SOOIL Developments Co., Ltd products - CVE-2020-27276

 


Published: January 14, 2021


Vulnerability identifier: #VU49521
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-27276
CWE-ID: CWE-290
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Dana Diabecare RS
AnyDana-i
AnyDana-A
Software vendor:
SOOIL Developments Co., Ltd

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists because the communication protocol of the insulin pump and its mobile applications does not adequately authenticate the communicating entities before exchanging keys. A remote attacker on the local network can eavesdrop on the authentication sequence via Bluetooth Low Energy.


Remediation

Install updates from vendor's website.
