CVE-2019-17440— PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-17440
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
通信信道对预期端点的不适当限制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Palo Alto Networks PA-7080和PA-7050 PAN-OS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Palo Alto Networks PA-7080和PA-7050都是美国Palo Alto Networks(Palo Alto Networks)公司的产品。PA-7050是一款PA-7050系列防火墙产品。Palo Alto Networks PA-7080是一款PA-7080系列防火墙产品。PAN-OS是一套为其防火墙设备开发的操作系统。 Palo Alto Networks PA-7080和PA-7050上的PAN-OS 9.0.5-h3之前的9.0版本中存在安全漏洞,该漏洞程序没有正确限制对
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Palo Alto Networks | PAN-OS | 9.0 ~ 9.0.5-h3 | - | |
| Palo Alto Networks | PAN-OS | 8.0 | - |
II. Public POCs for CVE-2019-17440
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-17440
请登录查看更多情报信息。
- https://security.paloaltonetworks.com/CVE-2019-17440x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2019-17440
IV. Related Vulnerabilities
Same product: PAN-OS
- CVE-2025-0116
PAN-OS: Firewall Denial of Service (DoS) Using a Specially C - CVE-2025-0115
PAN-OS: Authenticated Admin File Read Vulnerability in PAN-O - CVE-2025-0114
PAN-OS: Denial of Service (DoS) in GlobalProtect - CVE-2024-9471
PAN-OS: Privilege Escalation (PE) Vulnerability in XML API - CVE-2024-8691
PAN-OS: User Impersonation in GlobalProtect Portal
Same vendor: Palo Alto Networks
- CVE-2026-0300
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulne - CVE-2026-0232
Cortex XDR Agent: Local Administrator can disable the agent - CVE-2026-0233
Autonomous Digital Experience Manager: Improper validation o - CVE-2026-0234
Cortex XSOAR: Improper Verification of Cryptographic Signatu - CVE-2026-0231
Cortex XDR Broker VM: Sensitive Information Disclosure Vulne
V. Comments for CVE-2019-17440
No comments yet