Cisco has patched a max severity flaw in its Unified Communications Manager (Unified CM) and Session Management Edition (Unified CM SME) products that could let attackers walk right in using a hardcoded root login.
The enterprise communications giant said the static credentials were intended for internal use only but, unfortunately, were left in a range of limited-distribution software builds that went out to customers through official support channels.
Source:: Network World