CVE-2022-35808: 
Azure Site Recovery Agent vulnerability analysis and mitigation

Azure Site Recovery contains an Elevation of Privilege Vulnerability, identified as CVE-2022-35808. The vulnerability was initially recorded on July 13, 2022, and affects Microsoft Azure Site Recovery VMware to Azure deployments versions up to (excluding) 9.50.6419.1 (NVD, CVE Mitre).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 6.5 (MEDIUM), with the following vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H. This indicates that the vulnerability requires network access, has low attack complexity, requires high privileges, needs no user interaction, and can potentially impact both integrity and availability at high levels (NVD).

The vulnerability could allow an attacker to elevate their privileges within the Azure Site Recovery system, potentially leading to high impacts on system integrity and availability, while confidentiality remains unaffected according to the CVSS metrics (NVD).

Microsoft has addressed this vulnerability by releasing a security update for Azure Site Recovery. Users should upgrade to version 9.50.6419.1 or later to mitigate this vulnerability (NVD).