A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker to elevate privileges and run arbitrary commands using the SYSTEM user privileges. The vulnerability tracked as CVE-2019-1674 is an OS Command Injection found by the SecureAuth researchers. The researchers describe it as a “bypass to avoid the new controls”” put in place by Cisco after patching a previously found a DLL hijacking issue in the same application.”
Source: https://www.bleepingcomputer.com/news/security/new-elevation-of-privilege-vulnerability-found-in-cisco-webex-meetings/