CVE-2024-33618
Published: 15 April 2026
Summary
CVE-2024-33618 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Bosch VMS Central (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 26.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Deeper analysis
CVE-2024-33618 is an uncontrolled resource consumption vulnerability in the Bosch VMS Central Server component of Bosch Video Management System (VMS) version 12.0.1. The flaw enables attackers to consume excessive amounts of disk space via the network interface, classified under CWE-400 (Uncontrolled Resource Consumption). It carries a CVSS v3.1 base score of 7.5, reflecting network accessibility (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high availability impact (A:H) with no confidentiality or integrity effects (C:N/I:N).
Any remote attacker with network access to the vulnerable Bosch VMS Central Server can exploit this issue without authentication or user interaction. Exploitation results in denial-of-service by filling the disk with excessive data, potentially disrupting video management operations and rendering the server unavailable.
Bosch has published security advisory BOSCH-SA-162032-BT at https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html, which details mitigation measures and available patches for addressing the vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-55542
Vulnerability details
Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct match to application exploitation causing uncontrolled resource consumption (disk exhaustion) for endpoint DoS, per CWE-400 description.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents or limits the effects of denial-of-service attacks, including uncontrolled disk space consumption via network access.
Protects system resource availability, such as disk space, from unauthorized excessive consumption by remote attackers.
Restricts the types, amounts, and frequency of network inputs to the Bosch VMS Central Server to prevent resource exhaustion like disk space filling.