Vid Conf is a mess
The whole legacy video Telepresense style Conf technolgy is a messy. The H323 protocols were not designed to play nice with firewalls and Network Address Translation. For calls inside the company H323 work just fine. Call setup uses a central server called a gatekeeper who knows who can do what, and approves each call. Your MCU will talk to the Gatekeeper and say, "if you want to mix video sources, I can do that". Your ISDN gateway will talk to the Gatekeeper and say, "If you want to use the phone lines/ISDN, I can do that". Ad hoc calls between companies works very badly. By default Gatekeepers do not assume trust, and do-not co-operate. Both system admin need to manually set up the trust in thier gatekeepers . caller by caller. In very simple setup you can bypass the server to call direct, if there is no NAT, no firewall, and no ISDN and no MCU.
If you remember Netmeeting - it was in direct mode. But when you got a 192 - 172 - 10 address, you stopped getting calls. Thats the NAT issue.
But between companies, there will be NAT, and you probaby want to accept phone calls into the meeting, at least sometimes.
In practice, if you have an MCU, it probably not anywhere in the network where it can get contacted by strangers. All MCU appliciances I have seen are rebranded RadVision.
If your MCU audio message says in English "press the pound sign" - its Cisco/Codian/Tandberg/Radvision and likely to have the security issue.