Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe.
AnalysisAI
VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Technical ContextAI
VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe. Affected products include: Idrix Veracrypt.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when run
Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibl
The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.1
IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffe
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today