> The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack.
Quote from the CVSS specification
Vulnerabilities with this tag were given a CVSS rating as part of the
requirement to be included into the [National Vulnerability
Database](https://nvd.nist.gov/). You can learn more about what the individual
scores mean in the [CVSS specification
document](https://www.first.org/cvss/specification-document).
The Vulnerability History Project