Genetec Security Center ALPR Manager Role Administrative Access Vulnerability

A critical vulnerability has been identified in the ALPR Manager role of Genetec Security Center, versions 5.11.0.0 and later. This vulnerability allows attackers to gain administrative access to the system. The issue was discovered internally by the Genetec engineering team. The ALPR Manager role has been enabled by default on all Security Center instances since version 5.11.0.0, even when the AutoVu module is not licensed or in use. As a result, all Security Center instances from version 5.11.0.0 onward are affected, unless the ALPR Manager role has been manually disabled.

Impact

Exploitation of this vulnerability could allow an attacker to log in as an administrator on the Genetec Security Center system.

Remediation

Customers running an affected version of Security Center should apply the latest update as soon as possible. For those not using AutoVu ALPR, the ALPR Manager role should be deactivated. If the ALPR Manager role must be used and an update cannot be applied promptly, network access should be restricted to trusted sources and secure connectivity measures, such as a VPN, should be enforced.