I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.