CVE-2025-59407
Flock Safety DetectionProcessing (multiple products)
Executive summary
A critical vulnerability has been identified in multiple Flock Safety products, including license plate readers and AI compute devices. This flaw, rated 9.8 out of 10, could allow a remote, unauthenticated attacker to take complete control of affected systems, potentially leading to data theft, operational disruption, and unauthorized surveillance. Immediate patching is required to mitigate the significant risk posed by this vulnerability.
Vulnerability
The Flock Safety DetectionProcessing application, running on devices such as the Falcon and Sparrow License Plate Readers, bundles a vulnerable third-party component. This component contains a critical flaw that can be exploited remotely over the network without requiring any authentication or user interaction. An attacker can send a specially crafted network packet to an affected device to trigger the vulnerability, leading to arbitrary code execution with the highest level of privileges on the system.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would grant an attacker complete control over the affected security devices. The potential consequences include the exfiltration of sensitive data, such as license plate records and video feeds; manipulation of the device to disable security monitoring or feed false information to the system; and using the compromised device as a pivot point to launch further attacks against the internal network. The business risks include a severe data breach, disruption of security operations, significant reputational damage, and potential regulatory non-compliance.
Remediation
Immediate Action: Apply the vendor-provided security updates to all affected Flock Safety products without delay. Prioritize patching for internet-facing or mission-critical devices. After patching, monitor systems for any signs of exploitation and review access logs for any anomalous or unauthorized activity that preceded the update.
Proactive Monitoring: Implement enhanced monitoring of network traffic to and from the affected devices. Look for unusual connection attempts, unexpected data transfers, or traffic patterns indicative of scanning or exploitation. On the host level, monitor for unexpected new processes, changes to critical system files, or unauthorized administrative account activity.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Isolate the affected devices on a segregated network VLAN with strict firewall rules, permitting only essential communication from trusted management sources. Utilize an Intrusion Prevention System (IPS) with rules designed to detect and block exploitation attempts against this vulnerability.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the critical severity of this vulnerability, we recommend that organizations treat this as a top-priority threat and apply the vendor-supplied patches immediately. The potential for complete system compromise without authentication presents a significant risk to security infrastructure and data privacy. Although this CVE is not currently on the CISA KEV list, its critical nature makes it a prime candidate for future inclusion and an attractive target for attackers. All affected assets should be patched or have compensating controls applied without delay.