Very recently Cisco announced 3 “critical risk” and numerous other “high risk” vulnerabilities. One of those vulnerabilities affects IOS XE devices, which ship with a default, pre-configured privileged account that, if known to an attacker, could grant easy access to the device. Some sources say that this account made its way in by mistake from a testing environment and wasn’t removed by the developers before the IOS XE image was published.
Below is a comprehensive table listing the vulnerabilities alongside their risk level and CVE reference. The affected platforms include ISR4000, ASR900, ASR1000, Catalyst 3650/3850, Routers 2900, etc.