High severity7.8NVD Advisory· Published Oct 3, 2017· Updated Jun 17, 2026
CVE-2015-7359
CVE-2015-7359
Description
The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:ciphershed:ciphershed:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ciphershed:ciphershed:*:*:*:*:*:*:*:*range: <=0.7.5.0
- (no CPE)
cpe:2.3:a:truecrypt:truecrypt:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:truecrypt:truecrypt:7.0:*:*:*:*:*:*:*
- (no CPE)range: 7.0
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/133877/Truecrypt-7-Privilege-Escalation.htmlnvdThird Party AdvisoryVDB Entry
- www.openwall.com/lists/oss-security/2015/09/22/7nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2015/09/24/3nvdIssue TrackingMailing ListThird Party Advisory
- code.google.com/p/google-security-research/issues/detailnvdIssue TrackingThird Party Advisory
- veracrypt.codeplex.com/wikipagenvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.