Skip to main content

CVE-2022-35776: Denial of Service in Microsoft Azure Site Recovery VMWare to Azure

Medium
VulnerabilityCVE-2022-35776cvecve-2022-35776
Published: Tue Aug 09 2022 (08/09/2022, 19:59:10 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Azure Site Recovery VMWare to Azure

Description

Azure Site Recovery Denial of Service Vulnerability

AI-Powered Analysis

AILast updated: 07/07/2025, 22:40:23 UTC

Technical Analysis

CVE-2022-35776 is a Denial of Service (DoS) vulnerability affecting Microsoft Azure Site Recovery, specifically the VMWare to Azure replication component version 9.0. Azure Site Recovery is a disaster recovery service that enables replication of virtual machines from on-premises VMWare environments to Azure cloud infrastructure. This vulnerability is categorized under CWE-400, which relates to uncontrolled resource consumption leading to DoS conditions. The CVSS 3.1 base score is 6.2 (medium severity), with the vector indicating that the attack requires adjacent network access (AV:A), low attack complexity (AC:L), and high privileges (PR:H), but no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact is limited to availability (A:H), with no confidentiality or integrity impact. The exploitability is partially functional (E:P), and the report confidence is confirmed (RC:C). No known exploits are reported in the wild, and no patches have been linked yet. The vulnerability could allow an attacker with high privileges and access to the adjacent network to trigger excessive resource consumption in the Azure Site Recovery service, causing service disruption or denial of replication operations from VMWare to Azure. This could impact disaster recovery capabilities and business continuity for organizations relying on this service for critical workload replication and failover.

Potential Impact

For European organizations, this vulnerability could disrupt disaster recovery processes that rely on Azure Site Recovery for replicating VMWare workloads to Azure. Such disruption could lead to unavailability of failover capabilities during critical incidents, increasing downtime and potential data loss risks. Organizations in sectors with stringent uptime and data protection requirements, such as finance, healthcare, and critical infrastructure, could face operational and compliance challenges. The DoS condition does not compromise data confidentiality or integrity but affects availability, which is crucial for business continuity. Given the requirement for high privileges and adjacent network access, the threat is more relevant to internal or trusted network environments rather than external attackers. However, insider threats or compromised privileged accounts could exploit this vulnerability to degrade recovery services. The absence of known exploits reduces immediate risk, but the medium severity score and potential impact on availability warrant proactive mitigation.

Mitigation Recommendations

European organizations should prioritize the following mitigations: 1) Apply any available patches or updates from Microsoft as soon as they are released to address CVE-2022-35776. 2) Restrict and monitor privileged access to Azure Site Recovery components, ensuring that only authorized personnel have high-level permissions. 3) Segment the network to limit adjacent network access to the Azure Site Recovery service, reducing the attack surface. 4) Implement robust monitoring and alerting for unusual resource consumption or service disruptions in Azure Site Recovery to detect potential exploitation attempts early. 5) Conduct regular audits of disaster recovery configurations and test failover procedures to ensure resilience despite potential service interruptions. 6) Employ network-level controls such as firewalls and intrusion detection systems to detect and block anomalous traffic patterns targeting the recovery service. 7) Maintain an incident response plan that includes scenarios involving disruption of disaster recovery services to minimize downtime and operational impact.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2022-07-13T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6838aece182aa0cae28a0d18

Added to database: 5/29/2025, 7:00:30 PM

Last enriched: 7/7/2025, 10:40:23 PM

Last updated: 8/15/2025, 3:02:17 PM

Views: 13

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats