Shellshock has been getting a lot of buzz lately. It's a bug that was discovered in pretty much all versions of Linux and Unix kernels that will allow remote attackers access to your servers and other devices where they can run commands. This also sometimes referred to as Bash bug. I've found that it has several different CVSS ratings according to various companies, but Cisco has rated it as a 7.5 out of 10. So, it has a very high CVSS rating as well as a low difficulty rating making it a pretty scary bug.
Cisco has addressed this and fixed the bug via upgrade patches and RPM downloads for all of their Nexus 9000 series switches, for both NX-OS mode and ACI mode images. The rest of the Nexus series switches will have a patch available by the end of the month (October 2014).