Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-E9D2E981-A46D-11E9-BED9-001999F8D30B:
The Asterisk project reports:
When T.38 faxing is done in Asterisk a T.38 reinvite
may be sent to an endpoint to switch it to T.38. If the
endpoint responds with an improperly formatted SDP answer
including both a T.38 UDPTL stream and an audio or video
stream containing only codecs not allowed on the SIP peer
or user a crash will occur. The code incorrectly assumes
that there will be at least one common codec when T.38
is also in the SDP answer.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center