VDB

GCVE-110-CLOUD-2022-0024

GCVE-110-CLOUD-2022-0024
Advisory Published
Vulnetix · Advisory published July 12, 2022
The Microsoft Azure Site Recovery suite contained a DLL hijacking flaw that allowed for privilege escalation from any low privileged user to SYSTEM on hosts where this service was installed. Incorrect permissions on the cxprocessserver service's executable directory allowed new files to be created in it by any user. Since the service ran automatically and with SYSTEM privileges and attempted to load DLLs from the directory, this allowed for a DLL hijacking / planting attack.

Affected Products

VendorProductVersionsPlatforms
AzureAzure Site Recovery
AzureCloud Services

References

advisory
advisory
advisory
advisory

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›