CVE-2022-35801: 
Azure Site Recovery Agent vulnerability analysis and mitigation

Azure Site Recovery contains an Elevation of Privilege Vulnerability, identified as CVE-2022-35801. The vulnerability was initially recorded on July 13, 2022, and affects Microsoft Azure Site Recovery VMware to Azure deployments versions up to (excluding) 9.50.6419.1 (MITRE CVE, NVD).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H. This indicates that the vulnerability requires network access, has low attack complexity, requires high privileges, needs no user interaction, and has potential high impacts on integrity and availability but no impact on confidentiality (NVD).

The vulnerability could allow an attacker to elevate their privileges within the Azure Site Recovery system. The CVSS scoring indicates that successful exploitation could result in high impact on both system integrity and availability (NVD).

Microsoft has addressed this vulnerability through updates to Azure Site Recovery. Users should ensure their Azure Site Recovery deployments are updated to version 9.50.6419.1 or later (NVD).