A new vulnerability found in the Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information including usernames, authentication tokens, and meeting info. Cisco has released free software updates to fix the underlying issues on June 17, 2020. Cisco fixed a privilege escalation bug found in February 2019 that could have enabled unauthenticated local attackers to elevate privileges and execute arbitrary commands with SYSTEM privileges. A video demo of an attack scenario, using proof-of-concept code Trustwave will release next week, is embedded below.
Source: https://www.bleepingcomputer.com/news/security/new-cisco-webex-meetings-flaw-lets-attackers-steal-auth-tokens/