Cisco IOS XE Software Static Credential Vulnerability
As per the Cisco Security Advisory, a vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot. The advisory further provides mitigation strategies that can be accessed here