What is CVE-2019-16328?

CVE-2019-16328 is a vulnerability in N/a. Published 2019-10-03.

Is CVE-2019-16328 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-16328

In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.

EPSS: 0.730 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
Live-Hack-CVE/CVE-2019-16328

References

github.com/tomerfiliba/rpyc (x_refsource_MISC)
rpyc.readthedocs.io/en/latest/docs/security.html (x_refsource_MISC)
openSUSE-SU-2020:0685 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:0763 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2019-16328?: CVE-2019-16328 is a vulnerability in N/a. Published 2019-10-03.
Is CVE-2019-16328 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.