CVE-2022-35785
Published: 09 August 2022
Summary
CVE-2022-35785 is a medium-severity an unspecified weakness vulnerability in Microsoft Azure Site Recovery Vmware To Azure. Its CVSS base score is 6.5 (Medium).
Operationally, ranked in the top 8.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-35785 is an elevation of privilege vulnerability in Azure Site Recovery. It received a CVSS 3.1 score of 6.5 with the vector string AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H, indicating a remotely exploitable flaw that requires high privileges but no user interaction.
An authenticated attacker with high privileges can leverage the weakness to modify or disrupt resources under the affected Azure Site Recovery component, resulting in integrity and availability impacts.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35785 provides official guidance on mitigation, including recommended updates or configuration steps for Azure Site Recovery deployments. The associated EPSS score has remained flat at 0.0631 with no material rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-38658
Vulnerability details
Azure Site Recovery Elevation of Privilege Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.