With IOS-XE, IOS runs as a daemon upon the Linux kernel with each of the various functions running as separate processes (sub-packages). In contrast to the monolithic nature of IOS, IOS-XE is built on a Linux based kernel to be both modular and highly-available in nature. Therefore, in the event of a single process/module crashing, the entire system would become unresponsive.Īnother disadvantage is around upgrades, as the entire IOS has to be upgraded, rather than individual components, resulting in disruption to the entire system (unless you have the expensive dual-supervisor hardware). This monolithic kernel runs all of its modules within the same memory space, providing no CPU or memory separation.
CISCO IOS XE SOFTWARE
Please see the Cisco IOS XE Software Checker tool for information on non-vulnerable, vulnerable and fixed releases.Classical IOS is based upon a monolithic kernel. This vulnerability affects Cisco devices that are running a vulnerable release of a Cisco IOS XE Software. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities.
This advisory is available at the following link: There are no workarounds that address this vulnerability.
CISCO IOS XE FULL
A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition.Ĭisco has released software updates that address this vulnerability. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition.
The DHCP relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.