[原文]Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.
Cisco Gigabit Switch Routers (GSR) Line Card Failure ACL Bypass
Cisco IOS on Cisco GSR devices contains a flaw that may allow a malicious user to bypass ACLs. The issue is triggered when unspecified types of packets are handled by the device. It is possible that the flaw may allow circumvention of access control lists resulting in a loss of confidentiality, integrity, and/or availability.
Upgrade to version indicated in product matrix, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.