CVE-2023-47268
Analyzed - Analysis Complete
Arbitrary Code Execution in PrusaSlicer via Malicious 3MF Project

Publication date: 2026-05-08

Last updated on: 2026-05-11

Assigner: MITRE

Description
In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.

Meta Information
Published: 2026-05-08
Last Modified: 2026-05-11
Generated: 2026-06-19
AI Q&A: 2026-05-08
EPSS Evaluated: 2026-06-18

Affected Vendors & Products
Showing 1 associated CPE
Vendor: prusa3d
Product: prusaslicer
Version / Range: to 2.6.1 (inc)

CWE
CWE-77: The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Executive Summary

CVE-2023-47268 is an arbitrary code execution vulnerability in PrusaSlicer versions up to and including 2.6.1. It occurs because a crafted 3mf project file can embed a malicious post-processing script within the 'Metadata/Slic3r_PE.config' file inside the project archive. When a user slices the project and exports the G-code, this embedded script executes arbitrary code on the host machine.

The vulnerability arises from the way PrusaSlicer handles post-processing scripts, which are executed on a temporary G-code file before the final output is generated. This allows malicious scripts to run with the privileges of the user slicing the project.

Impact Analysis

This vulnerability can lead to arbitrary code execution on your computer when you open and slice a maliciously crafted 3mf project file in PrusaSlicer. This means an attacker could run any code they want on your system, potentially leading to unauthorized access, data theft, system compromise, or other malicious activities.

On Linux systems, the exploit can be triggered via the command-line interface, while on Windows it can be triggered by opening the malicious file in the GUI and exporting G-code, which may cause unexpected pop-up messages or other malicious behavior.

Detection Guidance

This vulnerability can be detected by checking for the presence of malicious post-processing scripts embedded within 3mf project files used by PrusaSlicer versions up to 2.6.1. On Linux systems, detection can involve looking for evidence of arbitrary code execution such as the creation of unexpected files like '/tmp/hax' after slicing a suspicious 3mf project file.

Specifically, on Linux, you can run the vulnerable version of PrusaSlicer from the command line to slice a suspicious 3mf file and then check if the file '/tmp/hax' has been created as a sign of exploitation.

On Windows, detection involves opening the suspicious 3mf file in the PrusaSlicer GUI and exporting the G-code; a pop-up message may appear if the exploit is triggered.

There are no explicit commands provided in the resources, but monitoring for unexpected file creation in temporary directories and suspicious pop-ups during G-code export are practical detection methods.
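
The check for an embedded post-processing script can be done statically, without slicing the file. The following is an added example, not code from PrusaSlicer or from the advisory resources. It assumes the setting is stored under the key `post_process` in `; key = value` lines of 'Metadata/Slic3r_PE.config'; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

CONFIG_MEMBER = "Metadata/Slic3r_PE.config"  # path named in the advisory
KEY = "post_process"  # assumed PrusaSlicer key for post-processing scripts
MAX_CONFIG_BYTES = 4 * 1024 * 1024  # refuse oversized members (zip-bomb guard)


def post_process_entries(source):
    """Return the non-empty post_process values found in a 3mf archive.

    `source` is a path or a binary file object. Nothing is sliced or
    executed; the archive is only read.
    """
    findings = []
    with zipfile.ZipFile(source) as archive:
        for info in archive.infolist():
            if info.filename.lstrip("/").lower() != CONFIG_MEMBER.lower():
                continue
            if info.file_size > MAX_CONFIG_BYTES:
                raise ValueError(f"{info.filename}: config member too large")
            text = archive.read(info).decode("utf-8", errors="replace")
            for line in text.splitlines():
                # Assumed layout: "; key = value", one setting per line.
                key, sep, value = line.lstrip("; \t").partition("=")
                if sep and key.strip() == KEY and value.strip():
                    findings.append(value.strip())
    return findings


def build_sample(post_process_value):
    """Build a constructed, minimal 3mf-like archive in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("3D/3dmodel.model", "<model/>")
        archive.writestr(
            CONFIG_MEMBER,
            f"; layer_height = 0.2\n; post_process = {post_process_value}\n",
        )
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed samples: one project with a script configured, one without.
    for label, value in (("flagged", "/opt/example/script.py"), ("clean", "")):
        print(label, post_process_entries(build_sample(value)))
```

Any non-empty result means the project carries its own post-processing command and should be reviewed before it is sliced and exported.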

Mitigation Strategies

Immediate mitigation steps include avoiding the use of PrusaSlicer versions up to and including 2.6.1, as these are vulnerable to arbitrary code execution via crafted 3mf project files.

Upgrade to the latest version of PrusaSlicer, such as version 2.9.4 or later, which includes fixes and improvements that prevent this vulnerability.

Ensure that any post-processing scripts used are from trusted sources and properly validated before execution to prevent unauthorized code execution.

Avoid opening or slicing 3mf project files from untrusted or unknown sources to reduce the risk of exploitation.

Compliance Impact

The provided context and resources do not contain specific information about how CVE-2023-47268 affects compliance with common standards and regulations such as GDPR or HIPAA.
