CVE-2022-35775 : Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Published 2022-08-09 20:15:13

Updated 2025-05-29 19:15:25

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2022-35775

Microsoft » Azure Site Recovery Vmware To Azure
Versions before (<) 9.50.6419.1
cpe:2.3:a:microsoft:azure_site_recovery_vmware_to_azure:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H	1.2	5.2	Microsoft Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35775

CVE-2022-35775 - Security Update Guide - Microsoft - Azure Site Recovery Elevation of Privilege Vulnerability

Jump to