A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". An example of a network attack is an RPC buffer overflow.

Specialized access conditions or extenuating circumstances do not exist. The following are examples:

• The affected product typically requires access to a wide range of systems and users, possibly anonymous and untrusted (e.g., Internet-facing web or mail server).
• The affected configuration is default or ubiquitous.
• The attack can be performed manually and requires little skill or additional information gathering.
• The race condition is a lazy one (i.e., it is technically a race but easily winnable).

The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).

There is no impact to the confidentiality of the system.

There is no impact to the integrity of the system.

There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.