The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files.
Quote from the CVSS specification
Vulnerabilities with this tag were given a CVSS rating as part of the requirement to be included into the National Vulnerability Database. You can learn more about what the individual scores mean in the CVSS specification document.