Vulnerability Details : CVE-2021-41096
Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm (RSA/ECB/PKCS1Padding). The issue will be patched in v2.3 for release builds and 426 onwards for nightly builds. As a workaround, one may disable an advance security feature if not required.
Products affected by CVE-2021-41096
- cpe:2.3:a:rucky_project:rucky:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41096
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-41096
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2021-41096
-
The product uses a broken or risky cryptographic algorithm or protocol.Assigned by: security-advisories@github.com (Primary)
References for CVE-2021-41096
-
https://github.com/mayankmetha/Rucky/security/advisories/GHSA-32m7-456v-wgfw
Use of a Broken or Risky Cryptographic Algorithm in com.mayank.rucky · Advisory · mayankmetha/Rucky · GitHubThird Party Advisory
-
https://github.com/mayankmetha/Rucky/commit/5e3a477365009f488a73efd26a91168502de1b93
Fix security vulnerabilities · mayankmetha/Rucky@5e3a477 · GitHubPatch;Third Party Advisory
Jump to