A critical vulnerability has been discovered in the Genetec Security Center, specifically within the Automatic License Plate Recognition (ALPR) Manager role. This flaw, rated with a CVSS score of 9.8, could be exploited by an attacker to gain full administrative control over the entire security system, potentially leading to a complete compromise of physical and data security infrastructure.

This vulnerability resides in the ALPR Manager component of the Genetec Security Center. It appears to be a privilege escalation or authentication bypass flaw that allows a lower-privileged user, or potentially an unauthenticated attacker, to exploit the ALPR Manager role to obtain full administrative privileges. An attacker could likely exploit this by sending a specially crafted request to the system's management interface, bypassing normal access controls and creating or elevating an account to the highest administrative level.

The business impact of this vulnerability is critical, reflected by its CVSS score of 9.8. Successful exploitation would grant an attacker complete administrative control over the Genetec Security Center. This could lead to severe consequences, including the ability to disable alarms and cameras, manipulate access control systems to grant physical entry, delete or alter critical security footage and logs, and access highly sensitive data collected by the system, such as ALPR records and live video feeds. This complete system takeover poses a significant risk to physical security, data confidentiality, and operational integrity.

Immediate Action: The primary and most effective remediation is to apply the vendor-supplied security patches immediately. The vendor's recommendation is to: Update A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.

Proactive Monitoring: Security teams should actively monitor for any signs of compromise. This includes reviewing system and access logs for unusual administrative login activity, unexpected changes to user roles or permissions (especially related to the ALPR Manager), and any access to the management interface from unfamiliar IP addresses. An increase in failed login attempts followed by a successful one may also indicate an exploitation attempt.

Compensating Controls: If immediate patching is not feasible, organizations should implement compensating controls. Restrict network access to the Security Center management portal to a limited set of trusted administrative workstations. If possible, temporarily disable or heavily restrict the permissions of the ALPR Manager role until the patch can be applied.

Public Exploit Available: false

Given the critical severity (CVSS 9.8) of this vulnerability and the potential for a full security system compromise, we strongly recommend that organizations apply the necessary security updates to all affected Genetec Security Center installations as an immediate priority. Although this CVE is not currently listed on the CISA KEV catalog, its high impact makes it a prime candidate for future inclusion. Immediate remediation is the most effective way to prevent a potentially devastating security breach.