Good summary, really nothing new here though. The vulnerabilities you are describing are more related to a switch port with dynamic trunking. This is far more serious then merely gaining access to the voice VLAN. The VLAN identifier being part of the CDP packet is a matter of convenience....

[ more ]