CVE-2015-7359

The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes.

Published: Oct 3, 2017
Updated: Apr 13, 2023
CVE: CVE-2015-7359
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
ciphershed / ciphershed	-	0.7.5.0.x
idrix / veracrypt	-	1.14.x
truecrypt / truecrypt	7.0	7.0.x

http://packetstormsecurity.com/files/133877/Truecrypt-7-Privilege-Escalation.html
http://www.openwall.com/lists/oss-security/2015/09/22/7
http://www.openwall.com/lists/oss-security/2015/09/24/3
https://code.google.com/p/google-security-research/issues/detail?id=537
https://veracrypt.codeplex.com/wikipage?title=Release%20Notes

Vulnerability Database

290,301

CVE-2015-7359