CVE-2022-35807: 
Azure Site Recovery Agent vulnerability analysis and mitigation

Azure Site Recovery contains an Elevation of Privilege vulnerability identified as CVE-2022-35807. The vulnerability was discovered and initially recorded on July 13, 2022, affecting Microsoft Azure Site Recovery VMware to Azure deployments versions up to (excluding) 9.50.6419.1 (CVE Details, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H. This indicates that the vulnerability requires network access, has low attack complexity, requires high privileges, and no user interaction, with potential high impacts on integrity and availability but no impact on confidentiality (NVD).

The vulnerability could allow an attacker to elevate their privileges within Azure Site Recovery environments. The impact is particularly significant for VMware to Azure deployments, potentially affecting system integrity and availability (NVD).

Microsoft has addressed this vulnerability through updates to Azure Site Recovery. Users should upgrade to version 9.50.6419.1 or later to mitigate the vulnerability (NVD).