> A successful attack cannot be accomplished at will, but requires the
> attacker to invest in some measurable amount of effort in preparation or
> execution against the
> vulnerable component before a successful attack can be expected. For
> example, a successful attack may depend on an attacker overcoming any of the
> following conditions:
> * The attacker must gather knowledge about the environment in which the
> vulnerable target/component exists. For example, a requirement to collect
> details on target configuration settings, sequence numbers, or shared
> * The attacker must prepare the target environment to improve exploit
> reliability. For example, repeated exploitation to win a race condition, or
> overcoming advanced exploit mitigation techniques.
> * The attacker must inject themselves into the logical network path between
> the target and the resource requested by the victim in order to read and/or
> modify network communications (e.g., a man in the middle attack).
Quote from the CVSS specification.
Vulnerabilities with this tag were given a CVSS rating as part of the requirement to be included into the [National Vulnerability Database](https://nvd.nist.gov/). You can learn more about what the individual scores mean in the [CVSS specification document](https://www.first.org/cvss/specification-document).