CVE-2019-17440

Name of the Vulnerable Software and Affected Versions PAN-OS versions prior to 9.0.5-h3

Description The issue is related to improper restriction of communications to the Log Forwarding Card (LFC) on PA-7000 Series devices with a second-generation Switch Management Card (SMC), potentially allowing an attacker with network access to the LFC to gain root access to PAN-OS. This issue only affects a limited number of customers, and at the time of publication, all identified customers have upgraded and are not impacted.

Recommendations For PAN-OS versions prior to 9.0.5-h3, upgrade to version 9.0.5-h3 or later to resolve the issue. As a temporary workaround, consider restricting access to the LFC to minimize the risk of exploitation.