"The attacker "then escalated to administrative privileges, allowing them to login to multiple systems" "
Cisco should definitely demand that their hardware vendor fix their broken and obviously insufficient device security. Oh, wait...
You'd think that Cisco, being Cisco, would be running all the newest high-end IDS/IPS wiz-bang stuff and would have seen this coming from a mile away and dealt with it before it got anywhere or could send any data out. I mean, hell, if Cisco can't even keep control of the networks that they themselves design and build, what hope do any of the rest of us mere mortals have?