CVE-2024-21323: Microsoft Defender for IoT Remote Code Execution Vulnerability

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires the attacker to be able to send a malicious update package to the Defender for IoT sensor over the network. To do this, the attacker would first need to authenticate themselves and gain the necessary permissions to initiate the update process.