A default password would let anyone access the Cisco Smart Software Manager On-Prem Base platform, even if it s not directly connected to the internet. The default password is for a [HA] system account [that] is not under the control of the system administrator A successful exploit could allow the attacker to obtain read-and-write access to system data, including the configuration of an affected device. The vulnerability only affects systems if the HA feature is enabled, but Cisco issued a patch this week.
Source: https://threatpost.com/critical-cisco-bug-software-licencing-remote-attack/153086/