The same holds true for the Asterisk vulnerability. While significant the attack didn't get me terribly worried about the security of corporate voice networks. Aside from the fact that Digium patched the vulnerability quickly, most companies will be protected from external hackers precisely because firewalls will prevent external calls.
What did alarm me though was the weaknesses in underlying data network security. Pena and Moore could pull off their nefarious deeds by passing calls through open ports on many corporate networks, enabling them to steal administrator names and passwords to the routers.
Here lies the real threat to today's corporate VoIP deployments. Until data networks are adequately secured and protected no amount of VoIP security will save companies from attack.