CVE-2017-9606 Due to insufficient of checking integrity, authenticity and low user rights on update folder local user can craft fake ViPNet update files with arbitrary execution code and place them in ViPNet update folder After placing fake update files in ViPNet update folder, ViPNet update system executes them with system or local admin rights 3x - With local admin rights 4