Cyber Resilience

CVE-2024-33618

HighDDoS

Published: 15 April 2026

Published
15 April 2026
Modified
17 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0010 26.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-33618 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Bosch VMS Central (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 26.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2024-33618 is an uncontrolled resource consumption vulnerability in the Bosch VMS Central Server component of Bosch Video Management System (VMS) version 12.0.1. The flaw enables attackers to consume excessive amounts of disk space via the network interface, classified under CWE-400 (Uncontrolled Resource Consumption). It carries a CVSS v3.1 base score of 7.5, reflecting network accessibility (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high availability impact (A:H) with no confidentiality or integrity effects (C:N/I:N).

Any remote attacker with network access to the vulnerable Bosch VMS Central Server can exploit this issue without authentication or user interaction. Exploitation results in denial-of-service by filling the disk with excessive data, potentially disrupting video management operations and rendering the server unavailable.

Bosch has published security advisory BOSCH-SA-162032-BT at https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html, which details mitigation measures and available patches for addressing the vulnerability.

EU & UK References

Vulnerability details

Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct match to application exploitation causing uncontrolled resource consumption (disk exhaustion) for endpoint DoS, per CWE-400 description.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-56921Shared CWE-400
CVE-2026-33538Shared CWE-400
CVE-2026-0517Shared CWE-400
CVE-2026-6051Shared CWE-400
CVE-2026-21945Shared CWE-400
CVE-2026-33750Shared CWE-400
CVE-2025-69534Shared CWE-400
CVE-2025-29487Shared CWE-400
CVE-2025-9278Shared CWE-400
CVE-2026-34650Shared CWE-400

Affected Assets

Bosch
VMS Central
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents or limits the effects of denial-of-service attacks, including uncontrolled disk space consumption via network access.

prevent

Protects system resource availability, such as disk space, from unauthorized excessive consumption by remote attackers.

prevent

Restricts the types, amounts, and frequency of network inputs to the Bosch VMS Central Server to prevent resource exhaustion like disk space filling.

References