Cisco has issued a security advisory about a vulnerability in its Emergency Responder software that would allow an unauthenticated remote attacker to log in to an affected device using the root account. The vulnerability, designated CVE-2023-20101, arises from the fact that the root account has default, static credentials that cannot be changed or deleted.
Source: The Register