CVSS Access Vector is part of the CVSS Base metric group, and reflects the level of access required to exploit a vulnerability. The more remote an attacker can be to exploit a vulnerability, then the higher the score and risk.
The service looks up CVSS values from NIST for each vulnerability in the National Vulnerability Database (NVD). In a case where NIST lists the CVSS Base score of 0 or does not provide a score for a vulnerability in the NVD, the service determines whether the severity of the vulnerability warrants a higher CVSS Base score. If so, a service generated score is displayed with the footnote [1] to indicate a service generated score. If this footnote appears for the CVSS Base score, then the CVSS Access Vector is also provided by the service.
CVSS Access Vector values are:
Local Access. The vulnerability is only exploitable with local access. The attacker must have physical access to the vulnerable system or access to a local (shell) account.
Adjacent Network. The vulnerability is exploitable with adjacent network access. The attacker must have access to either the broadcast or collision domain of the vulnerable software.
Network. The vulnerability is exploitable with network access, meaning that the vulnerability is remotely exploitable. This means the vulnerable software is bound to the network stack. The attacker does not need local network access or local access to exploit this type of vulnerability.