{"id":4273,"date":"2026-05-08T17:25:41","date_gmt":"2026-05-08T09:25:41","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=4273"},"modified":"2026-05-08T17:42:14","modified_gmt":"2026-05-08T09:42:14","slug":"palo-alto-networks-%e5%86%8d%e7%88%86%e9%87%8d%e5%a4%a7-0-day-%e5%8d%b1%e6%a9%9f%ef%bc%9a%e9%98%b2%e7%81%ab%e7%89%86%e6%88%90%e7%82%ba%e5%9c%8b%e5%ae%b6%e7%b4%9a%e9%a7%ad%e5%ae%a2%e6%bb%b2%e9%80%8f","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=4273","title":{"rendered":"Palo Alto \u518d\u7206\u91cd\u5927 0-day \u5371\u6a5f\uff1a\u9632\u706b\u7246\u6210\u70ba\u570b\u5bb6\u7d1a\u99ed\u5ba2\u6ef2\u900f\u4f01\u696d\u5167\u7db2\u7684\u6700\u4f73\u5165\u53e3"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"693\" height=\"358\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/05\/image.png\" alt=\"\" class=\"wp-image-4274\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/05\/image.png 693w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/05\/image-300x155.png 300w\" sizes=\"auto, (max-width: 693px) 100vw, 693px\" \/><figcaption class=\"wp-element-caption\">Photo Credit: Cyber Security News<\/figcaption><\/figure>\n\n\n\n<p>\u8cc7\u5b89\u5708\u8fd1\u671f\u9ad8\u5ea6\u95dc\u6ce8\u7684 <a href=\"https:\/\/security.paloaltonetworks.com\/CVE-2026-0300\">CVE-2026-0300<\/a> \u6f0f\u6d1e\uff0c\u6b63\u8b93\u5168\u7403\u5927\u91cf\u4f7f\u7528 Palo Alto Networks PAN-OS \u7684\u4f01\u696d\u9762\u81e8\u56b4\u5cfb\u98a8\u96aa\u3002\u9019\u9805\u5b58\u5728\u65bc User-ID Authentication Portal\uff08Captive Portal\uff09\u4e2d\u7684\u7de9\u885d\u5340\u6ea2\u4f4d\u6f0f\u6d1e\uff0c\u5141\u8a31\u653b\u64ca\u8005\u5728\u300c\u7121\u9700\u9a57\u8b49\u8eab\u5206\u300d\u7684\u60c5\u6cc1\u4e0b\uff0c\u76f4\u63a5\u5c0d\u66b4\u9732\u65bc\u7db2\u969b\u7db2\u8def\u7684\u9632\u706b\u7246\u57f7\u884c\u9060\u7aef\u7a0b\u5f0f\u78bc\uff08RCE\uff09\uff0c\u751a\u81f3\u53d6\u5f97 root \u6b0a\u9650\uff0c\u7b49\u540c\u65bc\u5b8c\u5168\u63a5\u7ba1\u6574\u53f0\u8a2d\u5099\u3002<\/p>\n\n\n\n<p>\u66f4\u503c\u5f97\u8b66\u60d5\u7684\u662f\uff0c<a href=\"https:\/\/security.paloaltonetworks.com\/CVE-2026-0300\">Palo Alto Unit 42<\/a> \u5df2\u78ba\u8a8d\uff0c\u81ea 2026 \u5e74 4 \u6708\u8d77\uff0c\u5c31\u6709\u7591\u4f3c\u570b\u5bb6\u7d1a\u80cc\u666f\u7684\u5a01\u8105\u7d44\u7e54\u6301\u7e8c\u5229\u7528\u6b64\u6f0f\u6d1e\u9032\u884c\u5be6\u969b\u653b\u64ca\u884c\u52d5\uff0c\u4e26\u5c07\u5176\u8ffd\u8e64\u70ba CL-STA-1132\u3002\u653b\u64ca\u8005\u5728\u6210\u529f\u5165\u4fb5\u5f8c\uff0c\u4e0d\u50c5\u5feb\u901f\u690d\u5165 shellcode\uff0c\u66f4\u7b2c\u4e00\u6642\u9593\u522a\u9664 nginx crash logs\u3001kernel \u8a0a\u606f\u8207 core dump \u7b49\u95dc\u9375\u7d00\u9304\uff0c\u986f\u793a\u5176\u5177\u5099\u9ad8\u5ea6\u6210\u719f\u7684\u53cd\u9451\u8b58\u80fd\u529b\u8207\u9577\u671f\u6f5b\u4f0f\u610f\u5716\u3002<\/p>\n\n\n\n<p>\u5f9e\u76ee\u524d\u63ed\u9732\u7684\u653b\u64ca\u93c8\u53ef\u767c\u73fe\uff0c\u9019\u5df2\u4e0d\u662f\u55ae\u7d14\u7684\u300c\u6f0f\u6d1e\u5229\u7528\u300d\uff0c\u800c\u662f\u4e00\u5834\u5b8c\u6574\u7684\u5167\u7db2\u6ef2\u900f\u4f5c\u6230\u3002\u99ed\u5ba2\u5229\u7528\u9632\u706b\u7246\u4e2d\u53d6\u5f97\u7684\u670d\u52d9\u5e33\u865f\u6191\u8b49\uff0c\u9032\u4e00\u6b65\u5c0d Active Directory \u57f7\u884c\u679a\u8209\uff0c\u9396\u5b9a Domain Root \u8207 DomainDnsZones \u7b49\u6838\u5fc3\u8cc7\u7522\uff0c\u4e26\u900f\u904e Earthworm\u3001ReverseSocks5 \u7b49\u516c\u958b\u6ef2\u900f\u5de5\u5177\u5efa\u7acb SOCKS5 \u901a\u9053\u8207\u591a\u5c64\u8df3\u677f\uff0c\u5c07\u9632\u706b\u7246\u76f4\u63a5\u8f49\u8b8a\u70ba\u9032\u5165\u4f01\u696d\u5167\u7db2\u7684\u96b1\u853d\u5165\u53e3\u3002<\/p>\n\n\n\n<p>\u7279\u5225\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u653b\u64ca\u8005\u5e7e\u4e4e\u5b8c\u5168\u4f7f\u7528\u516c\u958b\u958b\u6e90\u5de5\u5177\uff0c\u800c\u975e\u5ba2\u88fd\u5316\u60e1\u610f\u7a0b\u5f0f\u3002\u9019\u7a2e\u624b\u6cd5\u8fd1\u5e74\u5728 APT \u653b\u64ca\u4e2d\u8d8a\u4f86\u8d8a\u5e38\u898b\uff0c\u56e0\u70ba\u516c\u958b\u5de5\u5177\u66f4\u5bb9\u6613\u907f\u958b\u50b3\u7d71\u7c3d\u7ae0\u5f0f\u5075\u6e2c\u6a5f\u5236\uff0c\u540c\u6642\u4e5f\u8b93\u4e8b\u4ef6\u66f4\u96e3\u8207\u7279\u5b9a\u7d44\u7e54\u76f4\u63a5\u95dc\u806f\u3002\u904e\u53bb Earthworm \u5c31\u66fe\u51fa\u73fe\u5728 Volt Typhoon\u3001APT41 \u7b49\u4e2d\u570b\u80cc\u666f\u5a01\u8105\u884c\u52d5\u4e2d\uff0c\u5982\u4eca\u518d\u6b21\u73fe\u8eab\uff0c\u4e5f\u8b93\u5916\u754c\u66f4\u52a0\u95dc\u6ce8\u6b64\u6b21\u4e8b\u4ef6\u80cc\u5f8c\u7684\u570b\u5bb6\u7d1a\u653b\u64ca\u53ef\u80fd\u6027\u3002<\/p>\n\n\n\n<p>\u7f8e\u570b<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\"> CISA <\/a>\u4e5f\u5df2\u7dca\u6025\u5c07 CVE-2026-0300 \u7d0d\u5165 Known Exploited Vulnerabilities\uff08KEV\uff09\u76ee\u9304\uff0c\u4e26\u8981\u6c42\u806f\u90a6\u6a5f\u69cb\u5fc5\u9808\u65bc 2026 \u5e74 5 \u6708 9 \u65e5\u524d\u5b8c\u6210\u98a8\u96aa\u7de9\u89e3\u3002\u7531\u65bc\u76ee\u524d\u6b63\u5f0f\u4fee\u88dc\u7a0b\u5f0f\u5c1a\u672a\u5168\u9762\u91cb\u51fa\uff0c\u4f01\u696d\u82e5\u4ecd\u5c07 Authentication Portal \u5c0d\u5916\u958b\u653e\uff0c\u7b49\u540c\u65bc\u6301\u7e8c\u66b4\u9732\u5728\u9ad8\u98a8\u96aa\u72c0\u614b\u4e4b\u4e0b\u3002<\/p>\n\n\n\n<p>\u5f9e\u9632\u79a6\u89d2\u5ea6\u4f86\u770b\uff0c\u9019\u8d77\u4e8b\u4ef6\u518d\u6b21\u51f8\u986f\u300c\u908a\u754c\u8a2d\u5099\u300d\u65e9\u5df2\u6210\u70ba\u73fe\u4ee3\u653b\u64ca\u8005\u6700\u512a\u5148\u7684\u6ef2\u900f\u76ee\u6a19\u3002\u9632\u706b\u7246\u4e0d\u518d\u53ea\u662f\u9632\u79a6\u8a2d\u5099\uff0c\u800c\u662f\u638c\u63e1\u6574\u500b\u4f01\u696d\u7db2\u8def\u6d41\u91cf\u3001\u5e33\u865f\u9a57\u8b49\u8207\u5167\u7db2\u901a\u9053\u7684\u95dc\u9375\u7bc0\u9ede\u3002\u4e00\u65e6\u906d\u5230\u63a5\u7ba1\uff0c\u653b\u64ca\u8005\u751a\u81f3\u80fd\u7e5e\u904e\u65e2\u6709\u8cc7\u5b89\u653f\u7b56\uff0c\u76f4\u63a5\u5f9e\u6700\u6838\u5fc3\u7684\u4f4d\u7f6e\u5411\u5167\u90e8\u74b0\u5883\u6a6b\u5411\u79fb\u52d5\u3002<\/p>\n\n\n\n<p>\u5c0d\u4f01\u696d\u800c\u8a00\uff0c\u76ee\u524d\u6700\u91cd\u8981\u7684\u61c9\u8b8a\u63aa\u65bd\u5305\u62ec\uff1a<br>\u7acb\u5373\u9650\u5236 User-ID Authentication Portal \u50c5\u5141\u8a31\u5167\u90e8\u53ef\u4fe1\u5340\u57df\u5b58\u53d6\u3001\u505c\u7528\u4e0d\u5fc5\u8981\u7684 Captive Portal \u529f\u80fd\u3001\u95dc\u9589\u5c0d\u5916 Response Pages\u3001\u5168\u9762\u6aa2\u67e5\u9632\u706b\u7246\u662f\u5426\u5b58\u5728\u7570\u5e38 shellcode \u884c\u70ba\u3001\u672a\u77e5 SOCKS \u901a\u9053\u3001\u7570\u5e38 SAML \u6d41\u91cf\uff0c\u4ee5\u53ca\u53ef\u7591 AD \u679a\u8209\u6d3b\u52d5\u3002\u540c\u6642\u4e5f\u61c9\u5bc6\u5207\u95dc\u6ce8 Palo Alto \u5b98\u65b9\u66f4\u65b0\uff0c\u4e26\u5728\u4fee\u88dc\u7a0b\u5f0f\u767c\u5e03\u5f8c\u7b2c\u4e00\u6642\u9593\u5b8c\u6210\u66f4\u65b0\u3002<\/p>\n\n\n\n<p>\u9019\u8d77\u4e8b\u4ef6\u518d\u6b21\u63d0\u9192\u6240\u6709\u4f01\u696d\uff1a\u7576\u653b\u64ca\u8005\u958b\u59cb\u7784\u6e96\u9632\u706b\u7246\u8207\u908a\u754c\u8a2d\u5099\u6642\uff0c\u4ee3\u8868\u771f\u6b63\u7684\u76ee\u6a19\u65e9\u5df2\u4e0d\u53ea\u662f\u55ae\u4e00\u8a2d\u5099\uff0c\u800c\u662f\u6574\u500b\u4f01\u696d\u5167\u7db2\u7684\u63a7\u5236\u6b0a\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u8cc7\u5b89\u5708\u8fd1\u671f\u9ad8\u5ea6\u95dc\u6ce8\u7684 CVE-2026-0300 \u6f0f\u6d1e\uff0c\u6b63\u8b93\u5168\u7403\u5927\u91cf\u4f7f\u7528 Palo Alto Networks <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=4273\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174],"class_list":["post-4273","post","type-post","status-publish","format-standard","hentry","category-6","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4273"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4273\/revisions"}],"predecessor-version":[{"id":4276,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4273\/revisions\/4276"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}