can anyone confirm if the vulnerability VMware has issued an advisory stating that a vSAN plugin (enabled by default in vCenter) allows remote code execution to any attacker hitting port 443. As mentioned in this ZDNet article, the severity level of this vulnerability is considered critical, and VMWare has strongly urged any users withvCenter servers on versions 6.5, 6.7, or 7.0 to update immediately or, at the very least, todisable any vCenter Server Plugins.
Does this affect ESXi 6.5 ?
Well, this vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of whether you use vSAN or not. It's not an ESXI vulnerability. You can see the impacted products in https://www.vmware.com/security/advisories/VMSA-2021-0010.html also do check https://blogs.vmware.com/vsphere/2021/05/vmsa-2021-0010.html
This vulnerability is for VCSA... so if VCSA is compromised , ESXi any (ie 6.5) will also carry risk.
Many times you can't see vSAN or vROPs plug-ins in VCSA UI but will appear in compatibility-matrix.xml (since default integrated).
I tired to follow these steps but get error path cant be found in step 2 and 3, can you perhaps provide the correct command to use in ESXi 6.5 please?
short answer is
Details are in below link
does this affect ESXi hypervisor, I do not see any directory starting with vsphere under /etc/vmware/ please see below ls of /etc/vmware/
BootbankFunctions.sh lockdown.conf ssl
autodeploy locker.conf support
config logfilters system-users.conf
configrules lunTimestamps.log system_fips
default.map.d nas uidmap.json
defaultconfigrules oem.map.d usb.ids
driver.map.d oem.xml usbarb.rules
dvsdata.db passthru.map vm-support
esx.conf pci.ids vmfs
firewall pciid vmkiscsid
hostd rabbitmqproxy vmware.lic
icu rhttpproxy vmwauth
ihv.map.d secpolicy vpxa
ima_plugin.conf service vsan
iofilters settings vvold
license.cfg smart_plugin.conf weasel
localsas snmp.xml welcome