I suspect this is not just a matter of adding admin accounts with a fixed password.
I manage a large production control system in a pharma plant. The software is from a well known vendor (in that industry) and comes with a lot of certifications. There are no hard coded user accounts, though there are privileged accounts that I know the password of because I set them up. But regardless of the fact that I know those passwords, this is an enormous pile of software comprised of services, user applications, scripting engines, background process, etc, and different parts of the software are running distributed over 15 different servers. As a collection, some of that software is 30 years old and cobbled together from lots of pieces from lots of different sources.
I come from a software developer background, doing mostly kernel level work, interprocess communication, software infrastructure etc. When I look at the pile of software I have been managing for over a decade now, I see many ways to abuse running services or schedulers, and making do things they are not supposed to.
Not because I can 'log in' as a service account, but because I know for example that one of those privileged accounts is getting information from some place in order to determine what to do, and because of an oversight or bug, I can affect the information telling that account what to do. Due to less than perfect design (or possibly because of legacy software that cannot easily be changed) I could piggy back a script or executable on top of something else and have that executed in a privileged manner.
So I really think that this is not so much a cisco developer adding in privileged accounts. After all that would be trivial enough to find in code audits. But it is much more likely that there are ways to influence what a privileged process inside the cisco system is doing. The term 'backdoor' implies a much bolder and intentional issue, which I really don't think is going on here.
And since Cisco has developers who are very much at home in their own software, it doesn't really surprise me that they can look at their own code, and figure out things that may have unexpected vulnerabilities.