Houl777

**Name of the Vulnerable Software and Affected Versions** ViPNet Client versions prior to 4.3.2-42442 ViPNet Coordinator versions prior to 4.3.2-42442 **Description** The issue is related to insufficient access control to the update folder and a lack of integrity and authenticity checks for update files. This can allow a local attacker to create a malicious update file containing arbitrary code, place it in the update folder, and then execute it with system or administrator privileges. **Recommendations** For ViPNet Client versions prior to 4.3.2-42442, update to version 4.3.2-42442 or later. For ViPNet Coordinator versions prior to 4.3.2-42442, update to version 4.3.2-42442 or later. As a temporary workaround, consider restricting access to the update folder to minimize the risk of exploitation.