> .. allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.<p>> The vulnerability is due to the presence of a default SSH key pair that is present in all devices.<p>That's quite a bug -- I expected to see obscure exploit deep in the networking code which masterfully bypasses all code hardening, but found a default credentials instead. This is the kind of mistake that a random IoT company would do, I would not expect this from Cisco.