cve-2019-17440
Vulnerability from cvelistv5
Published
2019-12-20 15:22
Modified
2024-09-17 01:56
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS score ?
0.45% (0.60913)
Summary
Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted.
References
psirt@paloaltonetworks.comhttps://security.paloaltonetworks.com/CVE-2019-17440
af854a3a-2127-422b-91ae-364da2661108https://security.paloaltonetworks.com/CVE-2019-17440
Impacted products
Vendor Product Version
Palo Alto Networks PAN-OS Version: 9.0   < 9.0.5-h3
 Create a notification for this product.
   Palo Alto Networks PAN-OS Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:40:15.760Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.paloaltonetworks.com/CVE-2019-17440",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               platforms: [
                  "PA-7000 Series with 2nd Generation SMC",
               ],
               product: "PAN-OS",
               vendor: "Palo Alto Networks",
               versions: [
                  {
                     changes: [
                        {
                           at: "9.0.6, 9.0.5-h3",
                           status: "unaffected",
                        },
                     ],
                     lessThan: "9.0.5-h3",
                     status: "affected",
                     version: "9.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "PAN-OS",
               vendor: "Palo Alto Networks",
               versions: [
                  {
                     status: "unaffected",
                     version: "8.0",
                  },
                  {
                     status: "unaffected",
                     version: "8.1",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Palo Alto Networks would like to thank Ayad (Ed) Sleiman, Head of Information Security at King Abdullah University of Science and Technology (KAUST) and his team for discovering and responsibly reporting this issue.",
            },
         ],
         datePublic: "2019-12-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "Palo Alto Networks is not aware of any exploitation of this issue.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-923",
                     description: "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-17T16:03:48",
            orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            shortName: "palo_alto",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.paloaltonetworks.com/CVE-2019-17440",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "This issue is fixed in 9.0.5-h3 and all subsequent releases. Content update 8218-5815 also fixes the issue.",
            },
         ],
         source: {
            advisory: "PAN-SA-2019-0040",
            defect: [
               "PAN-134242",
            ],
            discovery: "EXTERNAL",
         },
         title: "PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access",
         workarounds: [
            {
               lang: "en",
               value: "(1) Content update 8218-5815 can be applied without requiring a software update. Once the content update is installed please ensure that next PAN-OS upgrade is to a fixed version (9.0.5-h3 or later). Do not upgrade or downgrade to an affected release, as it can reintroduce the vulnerability.\n(2) Configure security policies to prevent network sessions destined to LFC.\n(3) Ensure that LFC is only connected to a secured administrative network with access restricted to trusted users.\n(4) Disable or disconnect LFC from the network until fixes can be applied.",
            },
         ],
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@paloaltonetworks.com",
               DATE_PUBLIC: "2019-12-19T19:35:00.000Z",
               ID: "CVE-2019-17440",
               STATE: "PUBLIC",
               TITLE: "PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "PAN-OS",
                                 version: {
                                    version_data: [
                                       {
                                          platform: "PA-7000 Series with 2nd Generation SMC",
                                          version_affected: "<",
                                          version_name: "9.0",
                                          version_value: "9.0.5-h3",
                                       },
                                       {
                                          version_affected: "!",
                                          version_name: "8.0",
                                          version_value: "8.0",
                                       },
                                       {
                                          version_affected: "!",
                                          version_name: "8.1",
                                          version_value: "8.1",
                                       },
                                       {
                                          platform: "PA-7000 Series with 2nd Generation SMC",
                                          version_affected: "!>=",
                                          version_name: "9.0",
                                          version_value: "9.0.6, 9.0.5-h3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Palo Alto Networks",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Palo Alto Networks would like to thank Ayad (Ed) Sleiman, Head of Information Security at King Abdullah University of Science and Technology (KAUST) and his team for discovering and responsibly reporting this issue.",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "Palo Alto Networks is not aware of any exploitation of this issue.",
               },
            ],
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://security.paloaltonetworks.com/CVE-2019-17440",
                     refsource: "CONFIRM",
                     url: "https://security.paloaltonetworks.com/CVE-2019-17440",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "This issue is fixed in 9.0.5-h3 and all subsequent releases. Content update 8218-5815 also fixes the issue.",
               },
            ],
            source: {
               advisory: "PAN-SA-2019-0040",
               defect: [
                  "PAN-134242",
               ],
               discovery: "EXTERNAL",
            },
            work_around: [
               {
                  lang: "en",
                  value: "(1) Content update 8218-5815 can be applied without requiring a software update. Once the content update is installed please ensure that next PAN-OS upgrade is to a fixed version (9.0.5-h3 or later). Do not upgrade or downgrade to an affected release, as it can reintroduce the vulnerability.\n(2) Configure security policies to prevent network sessions destined to LFC.\n(3) Ensure that LFC is only connected to a secured administrative network with access restricted to trusted users.\n(4) Disable or disconnect LFC from the network until fixes can be applied.",
               },
            ],
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
      assignerShortName: "palo_alto",
      cveId: "CVE-2019-17440",
      datePublished: "2019-12-20T15:22:18.040020Z",
      dateReserved: "2019-10-10T00:00:00",
      dateUpdated: "2024-09-17T01:56:43.008Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2019-17440\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2019-12-20T16:15:11.327\",\"lastModified\":\"2024-11-21T04:32:19.927\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted.\"},{\"lang\":\"es\",\"value\":\"La restricción incorrecta de las comunicaciones a la Tarjeta de reenvío de registros (LFC) en dispositivos de la serie PA-7000 con la Tarjeta de administración de conmutadores (SMC) de segunda generación puede permitir que un atacante con acceso de red al LFC obtenga acceso raíz al PAN-OS. Este problema afecta a las versiones de PAN-OS 9.0 anteriores a la versión 9.0.5-h3 en los dispositivos PA-7080 y PA-7050 con un LFC instalado y configurado. Este problema no afecta a las implementaciones de la serie PA-7000 utilizando la SMC de primera generación y la Tarjeta de procesamiento de registros (LPC). Este problema no afecta a ningún otro dispositivo de la serie PA. Este problema no afecta a los dispositivos sin un LFC. Este problema no afecta a PAN-OS 8.1 o versiones anteriores. Este problema solo afectó a un número muy limitado de clientes y realizamos actividades de divulgación individual para ayudarlos a actualizar. En el momento de la publicación, todos los clientes identificados han actualizado SW o contenido y no se ven afectados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-923\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndIncluding\":\"9.0.5\",\"matchCriteriaId\":\"53849AB2-9696-454A-92BC-F9393B22DDF9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-7050:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1536A4E4-D769-45C8-B85C-4A1A4F4AAEC0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-7080:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01AEF722-2554-4B30-8821-84B20F3BA8CC\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2019-17440\",\"source\":\"psirt@paloaltonetworks.com\"},{\"url\":\"https://security.paloaltonetworks.com/CVE-2019-17440\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.