Palo Alto Networks · Pan-Os · CVE-2019-17440
**Name of the Vulnerable Software and Affected Versions**
PAN-OS versions prior to 9.0.5-h3
**Description**
The issue is related to improper restriction of communications to the Log Forwarding Card (LFC) on PA-7000 Series devices with a second-generation Switch Management Card (SMC), potentially allowing an attacker with network access to the LFC to gain root access to PAN-OS. This issue only affects a limited number of customers, and at the time of publication, all identified customers have upgraded and are not impacted.
**Recommendations**
For PAN-OS versions prior to 9.0.5-h3, upgrade to version 9.0.5-h3 or later to resolve the issue. As a temporary workaround, consider restricting access to the LFC to minimize the risk of exploitation.