Cisco has issue a security advisory for Cisco Network Assurance Engine (NAE) Release 3.0(1) for a bug that causes password changes done via NAE to not be synchronized to the CLI of the associated device. This would allow a user to be able to gain access to a device via its CLI using the previous password.

https://www.bleepingcomputer.com/news/security/cisco-network-assurance-engine-bug-allows-login-with-old-passwords/