CVE-2022-35772: Remote Code Execution in Microsoft Azure Site Recovery VMWare to Azure
Azure Site Recovery Remote Code Execution Vulnerability
AI Analysis
Technical Summary
CVE-2022-35772 is a high-severity remote code execution (RCE) vulnerability in the VMWare to Azure scenario of Microsoft Azure Site Recovery (ASR); the CVE record lists version 9.0 as affected. It is classified as CWE-94 (Improper Control of Generation of Code, 'Code Injection'), which indicates that attacker-controlled input reaches a code path where it is interpreted or executed rather than handled as data. The record does not say which component or input is involved, so the description below is limited to what the classification and score imply.

The CVSS 3.1 base score is 7.2 (High), vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H: reachable over the network, low attack complexity, no user interaction, but only by an attacker who already holds high privileges on the affected component. Scope is unchanged, and confidentiality, integrity and availability impact are all high, so successful exploitation amounts to full compromise of the affected host. The PR:H requirement is what keeps the score below the Critical range; an otherwise identical vector requiring only low privileges would score 8.8.

ASR replicates on-premises VMware virtual machines to Azure for disaster recovery, and in the VMware to Azure scenario this is driven by on-premises configuration and process server components supplied by Microsoft. Code execution on that infrastructure would let an attacker tamper with replication data, disrupt failover, or use the recovery path as a foothold into the cloud environment. No exploitation in the wild had been reported as of publication. The source record carries no patch or mitigation links; the Microsoft Security Update Guide entry for CVE-2022-35772 is the authoritative reference for the fix. Because ASR underpins business-continuity plans, organizations relying on it should treat this as a priority.
Potential Impact
For European organizations the impact of CVE-2022-35772 could be substantial, particularly for enterprises and public sector bodies that use Azure Site Recovery to replicate VMware workloads to Azure. Successful exploitation would give an attacker code execution inside the disaster recovery environment, which can translate into data exposure, service disruption, or manipulation of backup and recovery processes. That undermines business-continuity plans and can lead to operational downtime, data loss, or reporting obligations under regulations such as GDPR. The high integrity and availability impact means replicated data could be altered or destroyed and failover could be blocked at the moment it is needed, which is most damaging for critical infrastructure and public services. Because the replication infrastructure bridges on-premises VMware estates and Azure subscriptions, it is also an attractive pivot point: a foothold there offers lateral movement into both the corporate network and the cloud-hosted applications it protects.
Mitigation Recommendations
Organizations should first establish whether they run the Azure Site Recovery VMWare to Azure scenario and which component versions are deployed (the CVE record names version 9.0), then apply the fix published in Microsoft's Security Update Guide entry for CVE-2022-35772 as a priority. Until the update is applied, limit exposure of the privileged path the attacker needs: restrict administrative access to the ASR infrastructure and the Recovery Services vault to a small set of trusted operators, enforce role-based access control and multi-factor authentication, and review accounts and service principals that hold write permissions on the vault. Segment the on-premises recovery infrastructure from general corporate networks so that only the hosts that must reach it can do so. Monitor the Recovery Services vault and the ASR servers for unusual activity, in particular replication, fabric or failover changes made by unexpected callers or outside planned change windows. Treat any custom scripts or automation that drive the recovery environment as privileged code and validate the inputs they accept. Regularly review and test disaster recovery plans so that a compromise of the replication path is a scenario the plan already covers, and subscribe to Microsoft security advisories for follow-up guidance.
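The monitoring recommendation above is easier to act on with a concrete rule set. The following is an added example, not code from the advisory or from Microsoft: it reviews Azure Activity Log records for Microsoft.RecoveryServices operations that change or exercise replication and flags those made by callers outside an approved set, outside an agreed change window, or that are high-impact regardless of who ran them. The records are constructed, the approved callers and change window are assumed values, and the record shape is a simplified form of the Activity Log schema (a real export, for example from `az monitor activity-log list`, carries `operationName` as an object whose `value` field holds the string used here).

```python
"""Review Azure Activity Log records for risky Azure Site Recovery changes (added example).
Record fields follow the Activity Log schema in simplified form; the data is constructed."""
import json
from datetime import datetime, timezone

# Constructed sample records, not real telemetry. Times are UTC.
VAULT = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dr"
         "/providers/Microsoft.RecoveryServices/vaults/asr-prod")
OP = "Microsoft.RecoveryServices/vaults/"
PROTECTED_ITEMS = "replicationFabrics/replicationProtectionContainers/replicationProtectedItems/"
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"eventTimestamp": "2022-08-10T02:14:05Z", "caller": "dr-admin@example.com",
     "operationName": OP + PROTECTED_ITEMS + "write", "status": "Succeeded", "resourceId": VAULT},
    {"eventTimestamp": "2022-08-10T03:41:19Z", "caller": "build-svc@example.com",
     "operationName": OP + "replicationFabrics/write", "status": "Succeeded", "resourceId": VAULT},
    {"eventTimestamp": "2022-08-10T03:42:02Z", "caller": "build-svc@example.com",
     "operationName": OP + PROTECTED_ITEMS + "delete", "status": "Succeeded", "resourceId": VAULT},
    {"eventTimestamp": "2022-08-10T09:05:44Z", "caller": "dr-admin@example.com",
     "operationName": OP + "read", "status": "Succeeded", "resourceId": VAULT},
    {"eventTimestamp": "2022-08-10T10:17:30Z", "caller": "dr-admin@example.com",
     "operationName": OP + PROTECTED_ITEMS + "unplannedFailover/action", "status": "Succeeded",
     "resourceId": VAULT},
])

APPROVED_CALLERS = {"dr-admin@example.com"}   # assumed: identities allowed to change ASR
CHANGE_WINDOW_UTC = (8, 18)                   # assumed: changes expected 08:00-18:00 UTC
MUTATING_SUFFIXES = ("/write", "/delete", "/action")   # reads are ignored
# Operations worth a look whoever ran them: fabric changes, item removal, any failover.
HIGH_IMPACT_MARKERS = ("Failover/action", "/replicationFabrics/write", "replicationProtectedItems/delete")


def parse_records(text: str) -> list:
    """Parse JSON-lines text into dicts; blank lines are skipped, malformed lines raise."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_asr_mutation(record: dict) -> bool:
    """True for Recovery Services operations that change state, false for reads and other providers."""
    op = record["operationName"]
    return op.startswith("Microsoft.RecoveryServices/") and op.endswith(MUTATING_SUFFIXES)


def review_records(records: list, approved=APPROVED_CALLERS, window=CHANGE_WINDOW_UTC) -> list:
    """Return one alert per ASR mutation that breaks a rule, listing every reason that applied."""
    alerts = []
    for rec in records:
        if not is_asr_mutation(rec):
            continue
        ts = datetime.fromisoformat(rec["eventTimestamp"].replace("Z", "+00:00")).astimezone(timezone.utc)
        reasons = []
        if rec["caller"] not in approved:
            reasons.append(f"caller {rec['caller']} not in approved set")
        if not (window[0] <= ts.hour < window[1]):
            reasons.append(f"outside change window ({ts.hour:02d}:00 UTC)")
        if any(marker in rec["operationName"] for marker in HIGH_IMPACT_MARKERS):
            reasons.append("high-impact replication operation")
        if reasons:
            alerts.append({"time": rec["eventTimestamp"], "caller": rec["caller"],
                           "operation": "/".join(rec["operationName"].split("/")[-2:]),
                           "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in review_records(parse_records(SAMPLE_LOG)):
        print(alert["time"], alert["caller"], alert["operation"], "->", "; ".join(alert["reasons"]))
```

On the constructed data the read is ignored, the out-of-hours write by the approved operator is flagged once, the two changes by `build-svc` are flagged on all three rules, and the daytime failover by the approved operator is still surfaced as high-impact. In production the approved set should come from the actual RBAC assignments on the vault, and the alert list would be routed to the SIEM rather than printed.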
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2022-07-13T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6838b59f182aa0cae28b0d07
Added to database: 5/29/2025, 7:29:35 PM
Last enriched: 7/7/2025, 10:26:05 PM
Last updated: 7/31/2025, 3:27:45 AM