[原文]Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.
Cisco 12000 Series Router Line Card Outbound ACL Failure
Cisco IOS on Cisco 12000 series routers contains a flaw that may allow a malicious user to bypass outbound ACLs. The issue is triggered when some, but not all, interfaces of a line card are configured with inbound ACLs. It is possible that the flaw may allow unauthorized traffic to traverse the network.
Upgrade to version indicated by Cisco product matrix, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.