@simontsui @dangoodin @reverseics @kln @serghei I would personally say "an attacker with access to the network service".

Vendors - especially Ivanti - have a habit of underplaying security issues. They think that making it sound like the vuln is less bad makes them look better, when in reality it just makes their customers less safe. That's a huge pet peeve. I'm not gonna judge vendors for having a vuln, but I am going to judge them for handling it badly.