But if all of the security features of the various teleconferencing systems were enabled, Moore "couldn't imagine anyone would use the product to make a phone call" due to the complexity, he said in an interview.

Companies often set up the systems outside their corporate firewall to make it easier, but that poses security risks. Deploying the systems inside a firewall can be difficult, as teleconferencing systems can use up to 30 different protocols in order to set up a call, which means firewalls have to be adjusted in order to let the calls come through, Moore said.

Polycom, one of the major teleconferencing vendors, ships most of its products with auto-answer enabled by default, according to Rapid7.

Polycom said it recommends administrators disable auto-answer when deploying a system outside the firewall, and that most of its systems are deployed within the firewall and therefore operate in a secure environment. Customers prefer the auto-answer feature enabled to make it easy for IT to manage video systems remotely, the company said.

Cisco said it was not aware of any new software vulnerabilities in its TelePresence products. On the issue of auto-answer, Cisco said "the feature on all Cisco TelePresence products is set by the administrator of the network."