CVE-2021-41608
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to sequentially access survey user data by manipulating the ID parameter in the UploadedImageDisplay.aspx endpoint. It affects SelectSurvey.NET versions before 5.052.000, exposing sensitive survey submissions to unauthorized disclosure.
💻 Affected Systems
- SelectSurvey.NET
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of all survey submissions including sensitive personal information, intellectual property, or confidential data stored in the system.
Likely Case
Partial data breach where attackers harvest survey responses containing personally identifiable information, business data, or other sensitive content.
If Mitigated
Limited exposure with proper network segmentation and access controls preventing external exploitation attempts.
🎯 Exploit Status
Simple parameter manipulation attack requiring no authentication or special tools.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.052.000
Vendor Advisory: https://www.classapps.com/product_ssv5.aspx
Restart Required: Yes
Instructions:
1. Download SelectSurvey.NET version 5.052.000 or later from the ClassApps website.
2. Back up the current installation and database.
3. Install the updated version following vendor instructions.
4. Restart IIS/application services.
🔧 Temporary Workarounds
Block vulnerable endpoint
Windows: Restrict access to the UploadedImageDisplay.aspx endpoint using web server rules or a WAF
<!-- IIS URL Rewrite rule to block access; place inside <system.webServer><rewrite><rules> in web.config -->
<rule name="BlockUploadedImageDisplay" stopProcessing="true">
  <match url="UploadedImageDisplay\.aspx" />
  <action type="CustomResponse" statusCode="403" statusReason="Forbidden" />
</rule>
Implement authentication requirement
Windows: Add authentication checks to the vulnerable endpoint
<!-- In web.config, add an authorization requirement (inside <configuration>) -->
<location path="UploadedImageDisplay.aspx">
  <system.web>
    <authorization>
      <!-- "?" denies anonymous (unauthenticated) users -->
      <deny users="?" />
    </authorization>
  </system.web>
</location>
🧯 If You Can't Patch
- Implement network segmentation to restrict access to the survey application from untrusted networks
- Deploy a web application firewall (WAF) with rules to detect and block sequential ID parameter attacks
🔍 How to Verify
Check if Vulnerable:
Test if unauthenticated requests to /UploadedImageDisplay.aspx with sequential ID parameters (1,2,3...) return different survey data
Check Version:
Check application version in web interface or examine SelectSurvey.NET installation directory for version information
Verify Fix Applied:
Verify that version is 5.052.000 or higher and that sequential ID parameter requests no longer return unauthorized data
📡 Detection & Monitoring
Log Indicators:
- Multiple sequential requests to UploadedImageDisplay.aspx with incrementing ID parameters
- Unusual access patterns from single IP addresses to the vulnerable endpoint
Network Indicators:
- HTTP GET requests with ID parameter values following sequential patterns
- Traffic to UploadedImageDisplay.aspx endpoint from unauthorized sources
SIEM Query:
source="web_logs" AND uri="*UploadedImageDisplay.aspx*" AND (query="*ID=1*" OR query="*ID=2*" OR query="*ID=3*") | stats count by src_ip
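Added example, not from the advisory or the vendor: the query above only matches fixed ID values, so this Python detector instead flags any client whose requests to UploadedImageDisplay.aspx cover a run of consecutive IDs. It assumes IIS W3C logs with cs-uri-stem, cs-uri-query and c-ip fields; the sample lines, function names and the min_run threshold are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qs

ENDPOINT = "uploadedimagedisplay.aspx"

# Constructed sample in IIS W3C format (documentation IPs, made-up IDs).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2021-10-01 10:00:01 GET /UploadedImageDisplay.aspx ID=101 203.0.113.7 200
2021-10-01 10:00:01 GET /UploadedImageDisplay.aspx ID=102 203.0.113.7 200
2021-10-01 10:00:02 GET /uploadedimagedisplay.aspx id=103 203.0.113.7 200
2021-10-01 10:00:02 GET /UploadedImageDisplay.aspx ID=104 203.0.113.7 200
2021-10-01 10:00:03 GET /UploadedImageDisplay.aspx ID=105 203.0.113.7 200
2021-10-01 10:00:03 GET /UploadedImageDisplay.aspx ID=106 203.0.113.7 404
2021-10-01 10:05:10 GET /UploadedImageDisplay.aspx ID=57 198.51.100.20 200
2021-10-01 10:07:44 GET /UploadedImageDisplay.aspx ID=913 198.51.100.20 200
2021-10-01 10:08:00 GET /Default.aspx - 198.51.100.20 200
"""

def longest_run(ids):
    """Length of the longest run of consecutive integers in a set of IDs."""
    best = 0
    for n in ids:
        if n - 1 not in ids:              # n is the first ID of a run
            length = 1
            while n + length in ids:
                length += 1
            best = max(best, length)
    return best

def find_enumerators(lines, min_run=5):
    """Return {client_ip: longest_run} for clients walking consecutive IDs."""
    fields, seen = [], defaultdict(set)
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]     # column names for the rows that follow
        if line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith(ENDPOINT):
            continue
        # ASP.NET looks up query-string keys case-insensitively, so normalise them.
        query = {k.lower(): v for k, v in parse_qs(row.get("cs-uri-query", "")).items()}
        for value in query.get("id", []):
            if value.isdecimal():         # ignore non-numeric IDs
                seen[row.get("c-ip", "?")].add(int(value))
    runs = {ip: longest_run(ids) for ip, ids in seen.items()}
    return {ip: run for ip, run in runs.items() if run >= min_run}
```

Calling find_enumerators(SAMPLE_LOG.splitlines()) reports only 203.0.113.7; tune min_run against normal traffic before alerting on it.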
🔗 References
- https://www.classapps.com/product_ssv5.aspx
- https://www.optiv.com/insights/source-zero/blog/classapps-inc-selectsurveynet-v50-vulnerabilities-disclosure