CVE-2022-33674

FAQ

What is Azure Site Recovery?

Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery

To what scenario does this vulnerability apply?

This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.

What can I do to protect myself from this vulnerability?

You can follow the steps here to update to version 9.49.

According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?

Exploiting this vulnerability requires an attacker to be within the VNET associated with the vulnerable configuration server.

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?

This vulnerability may allow an attacker to interfere with ASR replication and monitoring for existing protected VMs. However, customers can disable and re-enable replication for the impacted VMs. This vulnerability also does not have any impact on customer's ability to enable replications for new VMs.