The Microsoft Azure Site Recovery installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:
– A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-24467, CVE-2022-24468, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-24520)
– An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-24469, CVE-2022-24506, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More