CVE-2004-2420
Description
Hitachi JP1/File Transmission Server/FTP 6 and 7 can be remotely halted via a port scan with reset packets, causing a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Hitachi JP1/File Transmission Server/FTP 6 and 7 can be remotely halted via a port scan with reset packets, causing a denial of service.
Vulnerability
Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP versions 6 and 7 contain a vulnerability that allows remote attackers to cause the daemon to halt. The flaw is triggered by a port scan involving reset (RST) packets, which likely leads to an unexpected condition in the server's connection handling code [1]. The exact component within the affected versions is the FTP server daemon, and the condition is reachable from the network without prior authentication.
Exploitation
An attacker does not require any prior authentication or special privileges. The only requirement is network connectivity to the target server. By performing a port scan that sends reset packets (typically as part of a TCP scan), the attacker can trigger the vulnerability. The precise sequence is not detailed, but the act of scanning with RST packets is sufficient to halt the daemon [1]. No user interaction or race condition is needed.
Impact
Successful exploitation results in a denial of service (DoS): the JP1/File Transmission Server/FTP daemon stops responding [1]. This disrupts legitimate file transmission services and may require administrator intervention to restart the process. There is no indication of data corruption, information disclosure, or privilege escalation—only availability is affected.
Mitigation
The advisory does not mention a specific patch or fixed version. As of the publication date, users should refer to Hitachi's support channels for updated software. If no patch is available, potential workarounds include restricting network access to the FTP server (e.g., using firewalls or access control lists) to limit exposure to untrusted sources [1]. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11cpe:2.3:h:hitachi:jp1_p-1b41-9461:06_00_h:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:h:hitachi:jp1_p-1b41-9461:06_00_h:*:*:*:*:*:*:*
- cpe:2.3:h:hitachi:jp1_p-1b41-9461:06_01_d:*:*:*:*:*:*:*
- cpe:2.3:h:hitachi:jp1_p-1b41-9461:06_02-b:*:*:*:*:*:*:*
- cpe:2.3:h:hitachi:jp1_p-1b41-9461:06_02_c:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:jp1_p-1b41-9471:07_00_a:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:h:hitachi:jp1_p-1b41-9471:07_00_a:*:*:*:*:*:*:*
- cpe:2.3:h:hitachi:jp1_p-1b41-9471:07_10:*:*:*:*:*:*:*
- cpe:2.3:h:hitachi:jp1_p-1b41-9471:07_10_a:*:*:*:*:*:*:*
- cpe:2.3:h:hitachi:jp1_p-1j41-9471:07_00:*:*:*:*:*:*:*
- cpe:2.3:h:hitachi:jp1_p-1j41-9471:07_10:*:*:*:*:*:*:*
- cpe:2.3:h:hitachi:jp1_p-1j41-9471:07_10_a:*:*:*:*:*:*:*
- Range: = 6 or 7
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- secunia.com/advisories/12050nvdPatchVendor Advisory
- securitytracker.com/idnvdPatch
- www.hitachi-support.com/security_e/vuls_e/HS04-005_e/01-e.htmlnvd
- www.hitachi-support.com/security_e/vuls_e/HS04-005_e/index-e.htmlnvd
- www.securityfocus.com/bid/11012nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/17071nvd
News mentions
0No linked articles in our index yet.