National Vulnerability Database

National Vulnerability Database

National Vulnerability

CVE-2019-17440 Detail

Current Description

Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted.

Source:  MITRE
View Analysis Description


CVSS 3.x Severity and Metrics:

Base Score: 9.8 CRITICAL
Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Nist CVSS score does not match with CNA score
CNA:  Palo Alto Networks, Inc.
Base Score: 10.0 CRITICAL
Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to

Hyperlink Resource

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-Other Other NIST  
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints Palo Alto Networks, Inc.  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )
     Show Matching CPE(s)
From (including)
Up to (including)
Running on/with
     Show Matching CPE(s)
     Show Matching CPE(s)

Change History

3 change records found - show changes

Quick Info

CVE Dictionary Entry:
NVD Published Date:
NVD Last Modified: