CVE-2019-16328
published 2019-10-03


Priority: P350, high, 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EPSS: 13.05% (95.9th percentile)

In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.

Affected

4 ranges
Vendor | Product | Version range | Fixed in
debian | rpyc | |
rpyc_project | rpyc | >= 4.1.0 < 4.1.2 | 4.1.2
rpyc_project | rpyc | >= 4.1.0 < 4.1.1 | 4.1.1
rpyc_project | rpyc | 4.1.0 – 4.1.1 |

Detection & IOCs

  • Vulnerability only affects RPyC services running with default configuration settings; non-default/hardened configurations may not be exploitable
  • The attack vector is a missing protocol security check allowing dynamic modification of object attributes to construct malicious RPCs
  • Affected versions are RPyC 4.1.x through 4.1.1; refer to RPyC security documentation for hardening guidance

CVSS provenance

nvd  v3.1  7.5  HIGH  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd  v2.0  5.0  MEDIUM  AV:N/AC:L/Au:N/C:N/I:P/A:N
ghsa  7.5  HIGH
osv  7.5  HIGH
vendor_debian  7.5  LOW