PatchSiren cyber security CVE debrief

CVE-2016-6079 IBM CVE debrief

CVE-2016-6079 is a high-severity IBM AIX vulnerability that can let a locally authenticated user obtain root-level privileges. The CVE description names AIX 5.3, 6.1, 7.1, and 7.2, and the NVD record also maps the issue to multiple IBM VIOS 2.2.x releases. Because exploitation requires local authentication, this is most urgent on systems with shared access, administrative tooling, or any environment where untrusted users can log in.

Vendor: IBM
Product: CVE-2016-6079
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-15
Original CVE updated: 2026-05-13
Advisory published: 2017-02-15
Advisory updated: 2026-05-13

Who should care

IBM AIX administrators, VIOS operators, UNIX infrastructure teams, patch managers, and security teams responsible for systems where local user accounts exist or are provisioned to contractors, operators, or application support staff.

Technical summary

The supplied NVD data classifies the issue as CVSS 3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a local privilege escalation with no user interaction and full impact if triggered. The vulnerability is described as unspecified in the CVE record, but the outcome is clear: a locally authenticated user may elevate to root. NVD also associates the CVE with IBM PSIRT advisory lquerylv_advisory.asc and with affected IBM AIX and VIOS product/version criteria.

Defensive priority

High priority. The attack requires local access, but the end state is root compromise on affected AIX/VIOS hosts, which can lead to complete system takeover and lateral movement.

Recommended defensive actions

Identify whether any in-scope systems run IBM AIX 5.3, 6.1, 7.1, 7.2, or the IBM VIOS releases listed in the NVD CPE mappings.
Apply the IBM PSIRT guidance and vendor fixes referenced by the advisory as soon as maintenance windows allow.
Treat the issue as a privilege-escalation exposure: restrict unnecessary local accounts and review who has shell or operator access on affected hosts.
After remediation, confirm the system is on a fixed level and document the APAR coverage listed in the CVE description: IV88658, IV87981, IV88419, IV87640, and IV88053.
Prioritize higher-value hosts first, especially systems with multiple users, privileged support access, or workloads that would be materially impacted by root compromise.

Evidence notes

Source timing is based on the supplied CVE publishedAt value of 2017-02-15T19:59:00.330Z; the modifiedAt value is 2026-05-13T00:24:29.033Z. NVD rates the issue CVSS 3.0 7.8 HIGH with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The corpus explicitly states that a locally authenticated user can obtain root-level privileges and links an IBM PSIRT advisory tagged Mitigation/Patch/Vendor Advisory. No exploit procedure or proof-of-concept details are included here.

Official resources

CVE-2016-6079 CVE record
CVE.org
CVE-2016-6079 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Mitigation, Patch, Vendor Advisory
Source reference
[email protected]
Source reference
[email protected]
Source reference
[email protected]

Public CVE record published on 2017-02-15; NVD record last modified on 2026-05-13. No KEV listing was supplied for this CVE.