> The access conditions are somewhat specialized; the following are examples:
> - The attacking party is limited to a group of systems or users at some level
> of authorization, possibly untrusted.
> - Some information must be gathered before a successful attack can be
> - The affected configuration is non-default, and is not commonly configured
> (e.g., a vulnerability present when a server performs user account
> authentication via a specific scheme, but not present for another
> authentication scheme).
> - The attack requires a small amount of social engineering that might
> occasionally fool cautious users (e.g., phishing attacks that modify a web
> browsers status bar to show a false link, having to be on someones buddy
> list before sending an IM exploit).
Quote from the CVSS specification.
Vulnerabilities with this tag were given a CVSS rating as part of the requirement to be included into the [National Vulnerability Database](https://nvd.nist.gov/). You can learn more about what the individual scores mean in the [CVSS specification document](https://www.first.org/cvss/specification-document).