CVE-2024-33618
Uncontrolled Resource Consumption in Bosch VMS Central Server
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: Robert Bosch GmbH
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bosch | bosch_vms | From 6.0 (inc) to 12.0.1 (inc) |
| bosch | bosch_bvms_viewer | From 8.0 (inc) to 12.0.1 (inc) |
| bosch | divar_ip_all_in_one | to 12.0.1 (inc) |
| bosch | divar_ip_7000_series | to 12.0.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2024-33618 vulnerability affects Bosch VMS Central Server and related products, causing uncontrolled resource consumption that leads to excessive disk space usage.
This vulnerability allows attackers to consume large amounts of disk space via the network interface without requiring any privileges or user interaction.
It is classified as CWE-400 (Uncontrolled Resource Consumption) and has a high severity score of 7.5 according to CVSS v3.1.
How can this vulnerability impact me? :
This vulnerability can severely impact system availability and performance by preventing new data storage, request processing, and essential system functions.
Excessive disk space consumption may lead to system crashes and data loss.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
Users are responsible for timely installation of updates to maintain security and compliance with relevant EU directives.
Failure to address this vulnerability could impact compliance by risking system availability and data integrity, which are important aspects of standards like GDPR and HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability causes uncontrolled resource consumption leading to excessive disk space usage on Bosch VMS Central Server and related products.
Detection involves monitoring the Bosch VMS Central Server for abnormal resource usage, especially disk space consumption.
Recommended detection methods include network segmentation, segregation, monitoring, log review, and setting up automated alerts for unusual disk space usage.
Specific commands are not provided in the advisory, but typical commands to check disk usage on affected systems could include standard OS commands such as 'df -h' on Linux or 'Get-PSDrive' in PowerShell on Windows to monitor disk space.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves promptly updating affected Bosch VMS software to the fixed versions provided in the advisory.
- Apply specific patches such as BVMS1201375_Patch_CCBlackCamSSH for BVMS and BVMS Viewer.
- Install BVMS_12.0.1_Updates_SystemManager_package_1.2.zip for DIVAR IP devices.
Additionally, implement network security measures including network segmentation, segregation, monitoring, and log review to detect and prevent exploitation.
Timely installation of updates is critical to maintain security and compliance with relevant EU directives.