reflects the access required to exploit the vulnerability.
Sources:
NISTIR 7864
measures an attacker’s ability to successfully exploit a vulnerability based on how remote an attacker can be, from a networking perspective, to an information system.
Sources:
NISTIR 7946