CVE-2022-35799: 
Azure Site Recovery Agent vulnerability analysis and mitigation

Azure Site Recovery contains an Elevation of Privilege Vulnerability identified as CVE-2022-35799. The vulnerability was initially recorded on July 13, 2022, and affects Microsoft Azure Site Recovery VMware to Azure versions up to (excluding) 9.50.6419.1 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H. This indicates that the vulnerability requires network access, has low attack complexity, requires high privileges, needs no user interaction, and has a scope that is unchanged, with high impacts on integrity and availability but no impact on confidentiality (NVD).

The vulnerability could allow an attacker to elevate their privileges within Azure Site Recovery, potentially leading to unauthorized access and system compromise. The impact assessment indicates high severity for both integrity and availability of the affected systems (NVD).

Microsoft has released security updates to address this vulnerability. Users should upgrade their Azure Site Recovery VMware to Azure installations to version 9.50.6419.1 or later (NVD).