CVE-2015-7359

{"id": "CVE-2015-7359", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-10-03T01:29:00.763", "references": [{"url": "http://packetstormsecurity.com/files/133877/Truecrypt-7-Privilege-Escalation.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2015/09/22/7", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2015/09/24/3", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://code.google.com/p/google-security-research/issues/detail?id=537", "tags": ["Third Party Advisory", "Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://veracrypt.codeplex.com/wikipage?title=Release%20Notes", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes."}, {"lang": "es", "value": "Los m\u00e9todos (1) IsVolumeAccessibleByCurrentUser y (2) MountDevice en Ntdriver.c en TrueCrypt 7.0; VeraCrypt, en versiones anteriores a la 1.15; y CipherShed, cuando se ejecutan en Windows, no comprueban el nivel de suplantaci\u00f3n de los tokens de suplantaci\u00f3n, lo que permite que los usuarios locales suplanten a un usuario a nivel de SecurityIdentify y obtengan acceso a los vol\u00famenes cifrados montados de otros usuarios."}], "lastModified": "2021-06-28T18:20:27.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ciphershed:ciphershed:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D960C67-AE15-4CA6-8421-AAD0AEB18E29", "versionEndIncluding": "0.7.5.0"}, {"criteria": "cpe:2.3:a:idrix:veracrypt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95F04B78-6A14-4F91-81DA-BF22FC44F692", "versionEndIncluding": "1.14"}, {"criteria": "cpe:2.3:a:truecrypt:truecrypt:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9FC5F7-6BCB-4F28-BB8F-C8A5C77662DC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}