Detections
Analytics

CVE-2015-7358

high

Description

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.

References

https://www.exploit-db.com/exploits/38403/

https://veracrypt.codeplex.com/wikipage?title=Release%20Notes

https://code.google.com/p/google-security-research/issues/detail?id=538

http://www.openwall.com/lists/oss-security/2015/09/24/3

http://www.openwall.com/lists/oss-security/2015/09/22/7

http://packetstormsecurity.com/files/133878/Truecrypt-7-Derived-Code-Windows-Drive-Letter-Symbolic-Link-Creation-Privilege-Escalation.html

Details

Source: Mitre, NVD

Published: 2017-10-03

Updated: 2021-06-28

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High