The CVSS 9.8 bug allows remote takeover of a vulnerable device. The bug exists in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software. Cisco built in a default key pair for the software s Secure Shell (SSH) key management function; so, the bug allows an attacker to uncover the pairing and connect to the vulnerable device remotely, as if he or she were the legitimate user. There are no workarounds, so Cisco is encouraging users to update to the latest software release.
Source: https://threatpost.com/cisco-critical-nexus-9000-flaw/144290/