Ciphershed
CVE-2015-7359
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes.
AnalysisAI
The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes. Affected products include: Ciphershed, Idrix Veracrypt, Truecrypt. Version information: before 1.15.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ciphershed
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today