can anyone confirm if the vulnerability VMware has issued an advisory stating that a vSAN plugin (enabled by default in vCenter) allows remote code execution to any attacker hitting port 443. As mentioned in this ZDNet article, the severity level of this vulnerability is considered critical, and VMWare has strongly urged any users withvCenter servers on versions 6.5, 6.7, or 7.0 to update immediately or, at the very least, todisable any vCenter Server Plugins.
Does this affect ESXi 6.5 ?
Well, this vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of whether you use vSAN or not. It's not an ESXI vulnerability. You can see the impacted products in https://www.vmware.com/security/advisories/VMSA-2021-0010.html also do check https://blogs.vmware.com/vsphere/2021/05/vmsa-2021-0010.html
This vulnerability is for VCSA... so if VCSA is compromised , ESXi any (ie 6.5) will also carry risk.
Many times you can't see vSAN or vROPs plug-ins in VCSA UI but will appear in compatibility-matrix.xml (since default integrated).
I tired to follow these steps but get error path cant be found in step 2 and 3, can you perhaps provide the correct command to use in ESXi 6.5 please?
short answer is
Details are in below link