The 2017 Pwnie Nominee For Best Server-Side Bug

CVE-2016-6432

Credit: Slipper and Kelwin (@KelwinYang)

A buffer overflow vulnerability in the Identity Firewall feature of Cisco Adaptive Security Appliance (ASA) software before 9.6(2.1) allows unauthenticated remote code execution. The Identity Firewall feature is enabled by default, but the attack requires NetBIOS probing to be enabled (it is disabled by default). An attacker can exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software.
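An added example (not from the nomination page or from Cisco): a Python check that reads a saved ASA running configuration and reports whether both conditions described above hold, a release older than 9.6(2.1) and NetBIOS probing enabled. The `user-identity logout-probe netbios` command name is taken from the ASA command reference rather than from this page, and the sample configurations are constructed.

```python
import re

FIXED = (9, 6, 2, 1)  # "before 9.6(2.1)", the threshold stated on this page
# ASA command that turns on NetBIOS logout probing (name from the ASA command
# reference, not from this page). A line starting with "no" does not match.
PROBE_RE = re.compile(r"^[ \t]*user-identity\s+logout-probe\s+netbios\b", re.M)
VERSION_RE = re.compile(r"^ASA Version\s+(\S+)", re.M)

# Constructed sample configurations (not taken from a real device).
SAMPLE_EXPOSED = """\
ASA Version 9.6(2)
!
hostname fw-example
user-identity logout-probe netbios local-system probe-time minutes 10 retry-interval seconds 10 retry-count 2 user-not-needed
"""
SAMPLE_DEFAULT = """\
ASA Version 9.6(2)
!
hostname fw-example
"""


def parse_version(text):
    """Turn '9.6(2.1)' or '9.1(7)9' into a comparable tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def assess(running_config):
    """Return (version, older_than_fix, probing_enabled, exposed)."""
    match = VERSION_RE.search(running_config)
    if not match:
        raise ValueError("no 'ASA Version' line found in configuration")
    version = match.group(1)
    older = parse_version(version) < FIXED
    probing = bool(PROBE_RE.search(running_config))
    # Exposed only when both conditions from the description hold.
    return version, older, probing, older and probing


if __name__ == "__main__":
    for name, cfg in (("probing on", SAMPLE_EXPOSED), ("default", SAMPLE_DEFAULT)):
        print(name, assess(cfg))
```

The comparison uses only the single threshold given on this page, so a device on another release train should be checked against the vendor's fixed-release list for that train.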
