Touch10 listens on TCP 49152 - exploitable?

Steve Egyhazi
Level 1

I am writing to ask if the Cisco Touch10 is vulnerable to exploit. As I port scan a few of my company's Touch10s (three of them anyway, each paired with an SX10), they all report that they are listening on TCP port 49152. I presume this is how the SX codec can send information back to the tablet with call information, camera state etc. Does this single open port represent a potential security vulnerability? Is it best practice to avoid using a public IP on the Touch10, and instead assign the Touch10 a private IP to at least mitigate exposure from the outside? Also, do all Touch10s listen on this same port 49152? Thanks for any comments.

1 Reply

Elias Sevilla Duarte
Cisco Employee

TCP ports 49152 and 49153 are listening ports in the endpoint for Touch Panel auto discovery, so these ports will permanently remain listening.

From the Touch Panel's perspective, I don't know what port is used (as a source of the auto discovery packets), so I would need to do a lab and verify the source port.

If the SX is registered to a Cisco VCS or Cisco UCM, then there is no need to use a public IP, as per the Firewall Traversal feature of the VCS/Expressway, which allows endpoints with private IPs to communicate directly with public IPs via the VCS/Expressways.

At this point, in the latest software versions of the SX codecs, there are not many security vulnerabilities, at least that are known, though using a public IP address on the endpoints is less secure than using a private IP address behind a firewall.

I hope this is of help.
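An added example, not part of the original thread or any Cisco tooling: a small audit that reads nmap grepable (`-oG`) results for your own endpoints and lists which ones have the discovery ports named in the reply (49152/49153) open on an address outside RFC 1918 space. The sample scan text and the function names are constructed for illustration, and treating every non-RFC 1918 address as possibly internet-facing is an assumption.

```python
import ipaddress
import re

# Ports the reply identifies as Touch Panel auto-discovery listeners.
DISCOVERY_PORTS = {49152, 49153}
# Assumption: anything outside RFC 1918 space is treated as possibly internet-facing.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s.*?Ports:\s+(.*)$")

# Constructed sample in nmap grepable (-oG) format, not real scan data.
SAMPLE_SCAN = (
    "Host: 10.20.1.15 ()\tStatus: Up\n"
    "Host: 10.20.1.15 ()\tPorts: 49152/open/tcp//unknown///, 49153/open/tcp//unknown///\n"
    "Host: 203.0.113.40 ()\tPorts: 22/closed/tcp//ssh///, 49152/open/tcp//unknown///\tIgnored State: filtered (998)\n"
    "Host: 192.168.5.9 ()\tPorts: 49152/filtered/tcp//unknown///\n"
)

def open_discovery_ports(scan_text):
    """Map each host to the discovery ports nmap reported as open."""
    found = {}
    for line in scan_text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # comment, Status-only line, or anything without a Ports field
        host, ports_field = m.groups()
        # Drop trailing tab-separated fields such as "Ignored State: ...".
        for entry in ports_field.split("\t")[0].split(","):
            fields = entry.strip().split("/")
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            port, state, proto = int(fields[0]), fields[1], fields[2]
            if proto == "tcp" and state == "open" and port in DISCOVERY_PORTS:
                found.setdefault(host, set()).add(port)
    return found

def audit(scan_text):
    """Return (host, sorted ports, exposure) rows, non-RFC 1918 hosts first."""
    rows = []
    for host, ports in open_discovery_ports(scan_text).items():
        addr = ipaddress.ip_address(host)
        internal = any(addr in net for net in RFC1918)
        rows.append((host, sorted(ports), "private" if internal else "review: not RFC 1918"))
    return sorted(rows, key=lambda r: r[2] == "private")

if __name__ == "__main__":
    for host, ports, exposure in audit(SAMPLE_SCAN):
        print(f"{host:15} {ports} {exposure}")
```

A port reported as `filtered` is skipped on purpose, since that state means a firewall or filter is already blocking the probe from that vantage point.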