An attacker could use the information to exploit any vendor's SIP-based VoIP infrastructure. "Once you have the extensions, you can perform more advanced attacks," Endler said.
Lance Reid, CEO of NetLogic, Turlock, Calif., said the issue of VoIP security has been somewhat overhyped. "Most of the equipment is behind firewalls and on internal networks that aren't available for public access. As with other internal systems, the only real threat is from people on the inside," Reid said.
However, VoIP security could become a genuine problem for companies down the road, as IP-based unified communication systems are increasingly being designed to interconnect between each other, Reid said.