here is the response from Cisco regarding the CVEs
CVE-2007-2243 Summary:
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is
enabled, allows remote attackers to determine the existence of user
accounts by attempting to authenticate via S/KEY, which displays a
different response if the user account exists
[Result] ChallengeResponseAuthentication is not enabled in NX-OS
CVE-2007-4752 Summary:
ssh in OpenSSH before 4.7 does not properly handle when an untrusted
cookie cannot be created and uses a trusted X11 cookie instead, which
allows attackers to violate intended policy and gain privileges by
causing an X client to be treated as trusted. Here is the link to know
more info
http://web.nvd.nist.gov/view/vuln/detai ... -2007-4752[Result] X11 forwarding is not enabled in NX-OS
So NX-OS is not impacted by both these vulnerabilities
CVE-2008-3234 - (False Positive)
Evaluated in CSCti81843. The X11 forwarding feature of OpenSSH is explicitly
disabled in all supported versions of NX-OS
CVE-2008-1657 - (False Positive)
Evalutated in CSCtx04369.
[Result]The ForceCommand directive is to force a command
to be executed by the ssh server whenever a user logs in. But for this to be
done , there has to be a configuration directive in the sshd_config file.
The sshd_config files does'nt have this option on. Also by default
ForceCommand option is not enabled in the code.
CVS-2008-1483 – Nexus switches do not run X (False Positive). X11 Forwarding is disabled.
These devices are not susceptible to this attack.
CSCti81843
[Result]Bug filed and closed stating X11 is not effecting Nexus.
CVS-2008-5161 -
As of 7K code version 5.1 (Open SSH v5.5) and Nexus 5K version below is running OpenSSH 5.5 as well which are past your CVE's.
5K Code for openSSH 5.5
(running 5.1(3)N1(1)
Register
Search 
Login
