CVE-2022-35810: 
Azure Site Recovery Agent vulnerability analysis and mitigation

Azure Site Recovery contains an Elevation of Privilege vulnerability identified as CVE-2022-35810. The vulnerability was initially recorded on July 13, 2022, and affects Microsoft Azure Site Recovery service, specifically versions up to (excluding) 9.50.6419.1 (MITRE CVE, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H. This indicates that the vulnerability requires network access, has low attack complexity, requires high privileges, needs no user interaction, and has a scope that is unchanged, with high impacts on integrity and availability but no impact on confidentiality (NVD).

The vulnerability could allow an attacker to elevate their privileges within the Azure Site Recovery service. The impact assessment indicates high potential for both integrity and availability compromise, while confidentiality remains unaffected according to the CVSS metrics (NVD).

Microsoft has addressed this vulnerability through updates to Azure Site Recovery. The fix is implemented in version 9.50.6419.1 and later versions of the software (NVD).