CVE-2022-35818: 
Azure Site Recovery Agent vulnerability analysis and mitigation

Azure Site Recovery contains an Elevation of Privilege Vulnerability identified as CVE-2022-35818. The vulnerability was initially recorded on July 13, 2022, and affects Microsoft Azure Site Recovery VMware to Azure deployments versions up to (excluding) 9.50.6419.1 (NVD, CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H. This indicates that the vulnerability requires network access, has low attack complexity, requires high privileges, needs no user interaction, and has a scope that is unchanged. The impact primarily affects integrity and availability, with no impact on confidentiality (NVD).

The vulnerability could allow an attacker to elevate their privileges within the Azure Site Recovery system, potentially leading to unauthorized access and system modifications. The CVSS score indicates high impacts on both system integrity and availability (NVD).

Microsoft has addressed this vulnerability through security updates. Users are advised to update their Azure Site Recovery installations to version 9.50.6419.1 or later to mitigate this vulnerability (NVD).